Dear Guang Mei: Thanks for your message. Your suggestion is very helpful. After reviewing all possible uesers, I have locked them. Now I have only one concern that if nobody knows my database's sys and system's password, there should be no way to unlock these accounts. Am I complete right? Thanks! Any comments are appreciated!
Don Guang Mei wrote: > select * from all_users; > > to get all users, then change their oracle passwords so that no body can > log in except you. This way you know you are the only one who can change > the data. Next step is see what application can make the data change. > > Hope this helps. > > Guang > > On Fri, 11 Jul 2003, Don Yu wrote: > > > Dennis > > > > Thank you very much. My data in that database is changed three times. The first > > is whole data being delete. The second is over ten thousands records being > > added. The third is whole data related to a month being deleted. I know my > > working environment is very complicated. For this report application, I write > > shell scripts and C/C++ program to parsing Apache web server access log file > > (www.welch.jhu.edu) in order to get client ip, access date, and host ip, which > > are associated with the special pattern as "ntlinktrack.cgi", which is > > associated with Library E-Book,E-Journal, and E-database. Then I need to > > schedule a solaris cron job to process access log daily and load parsed data > > into database. Also I create some log files for saving intermediate information > > from my program. Then I create some ColdFusion pages to post these results into > > website. In my database there are over million records. Oracle DBA is new duty > > for me since I had found that my data was missing. This is the reason I post my > > question on Oracle user group. Now I am trying to read as much as I can but I do > > not have much time. I want to make sure my database is secure as early as I can. > > So what do you think of my reason? > > Thank you very much! > > > > > > Don > > > > > > DENNIS WILLIAMS wrote: > > > > > Don > > > SYS is the owner of the Oracle dictionary tables. It is a username with > > > DBA privilege, so someone who logs in can change data. If you have changed > > > its password, then you are assured that nobody is using that username right > > > now. If you've changed its password, then I wouldn't worry about it right > > > now. > > > Since it sounds as if you are the only person that accesses this > > > database, then you may want to change the username that owns your tables. > > > Hopefully this username is not SYSTEM or SYS. > > > After that, unless you know of other usernames someone might use to > > > access your Oracle database, don't make any more security changes for > > > awhile. Go back to trying to figure out why your data is changing without > > > your changing it. It may well be there is an innocent reason that has > > > nothing to do with someone else. I've had that happen to me when I've > > > started using an unfamiliar system. > > > And don't forget to buy a good Oracle DBA book like the one I suggested. > > > > > > Dennis Williams > > > DBA, 80%OCP, 100% DBA > > > Lifetouch, Inc. > > > [EMAIL PROTECTED] > > > > > > > > > > > > -----Original Message----- > > > Sent: Friday, July 11, 2003 3:49 PM > > > To: Multiple recipients of list ORACLE-L > > > > > > Dennis: > > > > > > Thanks for your message. Now I have changed sys password by the following > > > command: > > > alter user sys identified by xxxxxxx > > > But when I try to login from sql plus window by using sys, I cannot > > > successfully > > > login. Also I get an error message. The message is something like > > > "connection to > > > sys should be as sysdba or sysoper". So my question is what sys for? > > > Thank you very much! > > > > > > Don > > > > > > DENNIS WILLIAMS wrote: > > > > > > > Don > > > > If only you can make updates to your Oracle database, then you must > > > enter > > > > all the data ;-) > > > > From the tone of your posting, I'm going to assume that you are pretty > > > > new to Oracle. You may want to get a good basic administration book like > > > > Oracle9i DBA 101. > > > > > > > http://www.amazon.com/exec/obidos/tg/detail/-/0072224746/qid=1057949734/sr=8 > > > > -1/ref=sr_8_1/104-2287688-5574335?v=glance&s=books&n=507846 > > > > It is also a good idea to always mention your Oracle version and platform > > > > (Unix, NT, etc.) in your posts. > > > > First, log in with the SYSTEM username. Then change the password for > > > SYSTEM > > > > and SYS with the command: > > > > ALTER USER SYSTEM IDENTIFIED BY xxxxx; > > > > Where xxxxx is your new password. > > > > You should be able to make these changes without affecting any end users. > > > > Next you should identify your groups of users and how they access Oracle. > > > > Basically you need to identify what their access requirements are and then > > > > audit the usernames they use to ensure the privileges granted are just > > > what > > > > is required. This is also a good time to see about changing passwords, but > > > > first buy the book and read up on the basics of Oracle security. > > > > > > > > Dennis Williams > > > > DBA, 80%OCP, 100% DBA > > > > Lifetouch, Inc. > > > > [EMAIL PROTECTED] > > > > > > > > -----Original Message----- > > > > Sent: Friday, July 11, 2003 2:45 PM > > > > To: Multiple recipients of list ORACLE-L > > > > > > > > Hi, > > > > > > > > I have a security question about Oracle database. Recently I have taken > > > > full control an Oracle database in my department. Now I would like to > > > > make sure that no other people except myself can update data in that > > > > database. Can somebody tell me what it is necessary steps to do that? > > > > Any comments are highly appreciated. Thanks! > > > > > > > > Don > > > > > > > > -- > > > > Please see the official ORACLE-L FAQ: http://www.orafaq.net > > > > -- > > > > Author: Don Yu > > > > INET: [EMAIL PROTECTED] > > > > > > > > Fat City Network Services -- 858-538-5051 http://www.fatcity.com > > > > San Diego, California -- Mailing list and web hosting services > > > > --------------------------------------------------------------------- > > > > To REMOVE yourself from this mailing list, send an E-Mail message > > > > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > > > > the message BODY, include a line containing: UNSUB ORACLE-L > > > > (or the name of mailing list you want to be removed from). You may > > > > also send the HELP command for other information (like subscribing). > > > > -- > > > > Please see the official ORACLE-L FAQ: http://www.orafaq.net > > > > -- > > > > Author: DENNIS WILLIAMS > > > > INET: [EMAIL PROTECTED] > > > > > > > > Fat City Network Services -- 858-538-5051 http://www.fatcity.com > > > > San Diego, California -- Mailing list and web hosting services > > > > --------------------------------------------------------------------- > > > > To REMOVE yourself from this mailing list, send an E-Mail message > > > > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > > > > the message BODY, include a line containing: UNSUB ORACLE-L > > > > (or the name of mailing list you want to be removed from). You may > > > > also send the HELP command for other information (like subscribing). > > > > > > -- > > > Please see the official ORACLE-L FAQ: http://www.orafaq.net > > > -- > > > Author: Don Yu > > > INET: [EMAIL PROTECTED] > > > > > > Fat City Network Services -- 858-538-5051 http://www.fatcity.com > > > San Diego, California -- Mailing list and web hosting services > > > --------------------------------------------------------------------- > > > To REMOVE yourself from this mailing list, send an E-Mail message > > > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > > > the message BODY, include a line containing: UNSUB ORACLE-L > > > (or the name of mailing list you want to be removed from). You may > > > also send the HELP command for other information (like subscribing). > > > -- > > > Please see the official ORACLE-L FAQ: http://www.orafaq.net > > > -- > > > Author: DENNIS WILLIAMS > > > INET: [EMAIL PROTECTED] > > > > > > Fat City Network Services -- 858-538-5051 http://www.fatcity.com > > > San Diego, California -- Mailing list and web hosting services > > > --------------------------------------------------------------------- > > > To REMOVE yourself from this mailing list, send an E-Mail message > > > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > > > the message BODY, include a line containing: UNSUB ORACLE-L > > > (or the name of mailing list you want to be removed from). You may > > > also send the HELP command for other information (like subscribing). > > > > -- > > Please see the official ORACLE-L FAQ: http://www.orafaq.net > > -- > > Author: Don Yu > > INET: [EMAIL PROTECTED] > > > > Fat City Network Services -- 858-538-5051 http://www.fatcity.com > > San Diego, California -- Mailing list and web hosting services > > --------------------------------------------------------------------- > > To REMOVE yourself from this mailing list, send an E-Mail message > > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > > the message BODY, include a line containing: UNSUB ORACLE-L > > (or the name of mailing list you want to be removed from). You may > > also send the HELP command for other information (like subscribing). > > > > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.net > -- > Author: Guang Mei > INET: [EMAIL PROTECTED] > > Fat City Network Services -- 858-538-5051 http://www.fatcity.com > San Diego, California -- Mailing list and web hosting services > --------------------------------------------------------------------- > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Don Yu INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
