Re: Replacing OPS$ accounts
- From: Stephane Faroult <sfaroult@xxxxxxxxxxxx>
- To: wblanchard@xxxxxxxxxxxxxxxxxxxx
- Date: Fri, 11 Jun 2010 19:39:32 +0200
William,
What about setting ops_authent_prefix to something different? It will
not lock the accounts, but in effect it's likely to look the same ...
If you set ops_authent_prefix to 'hagahaga' and a user connected (to the
OS) as joe tries
sqlplus /
Oracle will try to connect to hagahagajoe, which is unlikely to exist.
The only risk is if the user explicitly connects as ops$joe AND if the
account has an Oracle password (which sometimes happens, when people
need to remotely connect).
Hope that helps.
Stephane Faroult
RoughSea Ltd <http://www.roughsea.com>
Konagora <http://www.konagora.com>
RoughSea Channel on Youtube <http://www.youtube.com/user/roughsealtd>
Blanchard, William wrote:
>
> Greetings,
>
> We have a legacy app that is currently using OPS$ accounts to log the
> users into the database. Since this is a purchased application that
> is no longer supported by the company we purchased it from, changing
> the code isn’t possible. Has anyone found a way to get rid of these
> accounts? If not, is there a “best practice” for locking down the
> OPS$ accounts?
>
>
> Thank you,
>
> WGB
>
> -
>
> This email and any information, files, or materials transmitted with it
> are confidential and are solely for the use of the intended recipient.
> If you have received this email in error, please delete it and notify
> the sender.
>
>
--
//www.freelists.org/webpage/oracle-l
Other related posts:
