Re: re SYSDBA
- From: J.Velikanovs@xxxxxxxx
- To: oracle-l@xxxxxxxxxxxxx
- Date: Mon, 12 Jul 2004 19:08:13 +0300
And as we can see you are not using spfile.
.
I suppose, in different organization there are can be different security
requirements.
.
Hemant, I can bet your listener, are listening on deferent port then 1521
and protected by password (many sites haven?t this).
Have you considered to run Oracle software under different Unix account
then oracle (lets say under user with name zona262db) and dba group rename
to cra213 for security propose?
There also recommendation to lock Oracle Software owner account and switch
to it from another one.
.
I just would say, there are different sites as well as different
requirements.
.
If you have height security requirements I would recommend to order
?Oracle Security Step-by-Step? by Pete Finnigan.
http://www.amazon.com/exec/obidos/tg/detail/-/0974372749/qid=1089648916/sr=1-1/ref=sr_1_1/002-7956793-2529636?v=glance&s=books
There are quite interesting ideas how to secure your Oracle env. by
maximum.
Jurijs
9268222
============================================
http://otn.oracle.com/ocm/jvelikanovs.html
Hemant K Chitale <hkchital@xxxxxxxxxxxxxx>
Sent by: oracle-l-bounce@xxxxxxxxxxxxx
12.07.2004 18:10
Please respond to oracle-l
To: oracle-l@xxxxxxxxxxxxx
cc:
Subject: re SYSDBA
As a rule, I prefer "REMOTE_LOGIN_PASSWORDFILE=NONE "
Thus, only a local account in the "dba" group can login
as SYSDBA, preventing logins over remote connections.
I even had an auditor point to my Plumtree database
{where Plumtree's init.ora used a REMOTE_LOGIN_PASSWORDFILE=EXCLUSIVE}
and ask me to disable it.
Hemant
At 10:35 PM Monday, you wrote:
>I would only add that you have to give the number of entries as well as
the
>filename and password. The number of entries probably should be more
than
>one if you have sys logged on anywhere.
Hemant K Chitale
Oracle 9i Database Administrator Certified Professional
http://web.singnet.com.sg/~hkchital
"A man's reputation is what other people think of him; his character is
what he really is."
-- Miner, Jack
----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to: oracle-l-request@xxxxxxxxxxxxx
put 'unsubscribe' in the subject line.
--
Archives are at //www.freelists.org/archives/oracle-l/
FAQ is at //www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------
----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to: oracle-l-request@xxxxxxxxxxxxx
put 'unsubscribe' in the subject line.
--
Archives are at //www.freelists.org/archives/oracle-l/
FAQ is at //www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------
Other related posts:
