And as we can see you are not using spfile. . I suppose, in different organization there are can be different security requirements. . Hemant, I can bet your listener, are listening on deferent port then 1521 and protected by password (many sites haven?t this). Have you considered to run Oracle software under different Unix account then oracle (lets say under user with name zona262db) and dba group rename to cra213 for security propose? There also recommendation to lock Oracle Software owner account and switch to it from another one. . I just would say, there are different sites as well as different requirements. . If you have height security requirements I would recommend to order ?Oracle Security Step-by-Step? by Pete Finnigan. http://www.amazon.com/exec/obidos/tg/detail/-/0974372749/qid=1089648916/sr=1-1/ref=sr_1_1/002-7956793-2529636?v=glance&s=books There are quite interesting ideas how to secure your Oracle env. by maximum. Jurijs 9268222 ============================================ http://otn.oracle.com/ocm/jvelikanovs.html Hemant K Chitale <hkchital@xxxxxxxxxxxxxx> Sent by: oracle-l-bounce@xxxxxxxxxxxxx 12.07.2004 18:10 Please respond to oracle-l To: oracle-l@xxxxxxxxxxxxx cc: Subject: re SYSDBA As a rule, I prefer "REMOTE_LOGIN_PASSWORDFILE=NONE " Thus, only a local account in the "dba" group can login as SYSDBA, preventing logins over remote connections. I even had an auditor point to my Plumtree database {where Plumtree's init.ora used a REMOTE_LOGIN_PASSWORDFILE=EXCLUSIVE} and ask me to disable it. Hemant At 10:35 PM Monday, you wrote: >I would only add that you have to give the number of entries as well as the >filename and password. The number of entries probably should be more than >one if you have sys logged on anywhere. Hemant K Chitale Oracle 9i Database Administrator Certified Professional http://web.singnet.com.sg/~hkchital "A man's reputation is what other people think of him; his character is what he really is." -- Miner, Jack ---------------------------------------------------------------- Please see the official ORACLE-L FAQ: http://www.orafaq.com ---------------------------------------------------------------- To unsubscribe send email to: oracle-l-request@xxxxxxxxxxxxx put 'unsubscribe' in the subject line. -- Archives are at //www.freelists.org/archives/oracle-l/ FAQ is at //www.freelists.org/help/fom-serve/cache/1.html ----------------------------------------------------------------- ---------------------------------------------------------------- Please see the official ORACLE-L FAQ: http://www.orafaq.com ---------------------------------------------------------------- To unsubscribe send email to: oracle-l-request@xxxxxxxxxxxxx put 'unsubscribe' in the subject line. -- Archives are at //www.freelists.org/archives/oracle-l/ FAQ is at //www.freelists.org/help/fom-serve/cache/1.html -----------------------------------------------------------------