RE: Replacing OPS$ accounts
- From: "Blanchard, William" <wblanchard@xxxxxxxxxxxxxxxxxxxx>
- To: "Stephane Faroult" <sfaroult@xxxxxxxxxxxx>
- Date: Fri, 11 Jun 2010 13:20:12 -0500
Hmmm. Interesting. I'll test this out and let you know.
WGB
-----Original Message-----
From: Stephane Faroult [mailto:sfaroult@xxxxxxxxxxxx]
Sent: Friday, June 11, 2010 12:40 PM
To: Blanchard, William
Cc: ORACLE-L; oracledba@xxxxxxxxxxx
Subject: Re: Replacing OPS$ accounts
William,
What about setting ops_authent_prefix to something different? It will
not lock the accounts, but in effect it's likely to look the same ...
If you set ops_authent_prefix to 'hagahaga' and a user connected (to the
OS) as joe tries
sqlplus /
Oracle will try to connect to hagahagajoe, which is unlikely to exist.
The only risk is if the user explicitly connects as ops$joe AND if the
account has an Oracle password (which sometimes happens, when people
need to remotely connect).
Hope that helps.
Stephane Faroult
RoughSea Ltd <http://www.roughsea.com>
Konagora <http://www.konagora.com>
RoughSea Channel on Youtube <http://www.youtube.com/user/roughsealtd>
Blanchard, William wrote:
>
> Greetings,
>
> We have a legacy app that is currently using OPS$ accounts to log the
> users into the database. Since this is a purchased application that
> is no longer supported by the company we purchased it from, changing
> the code isn’t possible. Has anyone found a way to get rid of these
> accounts? If not, is there a “best practice” for locking down the
> OPS$ accounts?
>
>
> Thank you,
>
> WGB
>
> -
>
> This email and any information, files, or materials transmitted with it
> are confidential and are solely for the use of the intended recipient.
> If you have received this email in error, please delete it and notify
> the sender.
>
>
-
This email and any information, files, or materials transmitted with it
are confidential and are solely for the use of the intended recipient.
If you have received this email in error, please delete it and notify
the sender.
Other related posts:
