Re: re SYSDBA

And as we can see you are not using spfile.
.
I suppose, in different organization there are can be different security 
requirements.
.
Hemant, I can bet your listener, are listening on deferent port then 1521 
and protected by password (many sites haven?t this).
Have you considered to run Oracle software under different Unix account 
then oracle (lets say under user with name zona262db) and dba group rename 
to cra213 for security propose?
There also recommendation to lock Oracle Software owner account and switch 
to it from another one.
.
I just would say, there are different sites as well as different 
requirements.
.
If you have height security requirements I would recommend to order 
?Oracle Security Step-by-Step? by Pete Finnigan.
http://www.amazon.com/exec/obidos/tg/detail/-/0974372749/qid=1089648916/sr=1-1/ref=sr_1_1/002-7956793-2529636?v=glance&s=books
There are quite interesting ideas how to secure your Oracle env. by 
maximum.
Jurijs
9268222
============================================
http://otn.oracle.com/ocm/jvelikanovs.html






Hemant K Chitale <hkchital@xxxxxxxxxxxxxx>
Sent by: oracle-l-bounce@xxxxxxxxxxxxx
12.07.2004 18:10
Please respond to oracle-l
 
        To:     oracle-l@xxxxxxxxxxxxx
        cc: 
        Subject:        re SYSDBA




As a rule, I prefer "REMOTE_LOGIN_PASSWORDFILE=NONE "


Thus, only a local account in the "dba" group can login
as SYSDBA, preventing logins over remote connections.

I even had an auditor point to my Plumtree database
{where Plumtree's init.ora used a REMOTE_LOGIN_PASSWORDFILE=EXCLUSIVE}
and ask me to disable it.

Hemant



At 10:35 PM Monday, you wrote:
>I would only add that you have to give the number of entries as well as 
the
>filename and password.   The number of entries probably should be more 
than
>one if you have sys logged on anywhere.



Hemant K Chitale
Oracle 9i Database Administrator Certified Professional
http://web.singnet.com.sg/~hkchital
"A man's reputation is what other people think of him; his character is 
what he really is."
                                         -- Miner, Jack

----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to:  oracle-l-request@xxxxxxxxxxxxx
put 'unsubscribe' in the subject line.
--
Archives are at http://www.freelists.org/archives/oracle-l/
FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------


----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to:  oracle-l-request@xxxxxxxxxxxxx
put 'unsubscribe' in the subject line.
--
Archives are at http://www.freelists.org/archives/oracle-l/
FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------

Other related posts: