RE: windows authentication
- From: "Kor, Geo" <GKor@xxxxxx>
- To: <oracle-l@xxxxxxxxxxxxx>
- Date: Wed, 18 Feb 2004 11:10:55 +0100
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
because of this :
Oracle provides an option to verify authentication of accounts =
IDENTIFIED EXTERNALLY at the client. The database is configured to do =
this by setting the REMOTE_OS_AUTHENT parameter in the init.ora file. =
This configuration is not secure since an attacker on the network can =
connect to Oracle claiming to be any account IDENTIFIED EXTERNALLY. If =
you enable this parameter and an attacker can identify a user that is =
configured to use operating system authentication, the attacker will be =
able to connect to the account without providing any authentication =
credentials.
When an account is created, you choose to authenticate to the account =
using a password managed by Oracle or by the operating system. If you =
choose to rely on operating system authentication rather than Oracle =
authentication, you create the account using the following syntax:
create user [NEWUSER] identified externally
Relying on client-side authentication for Oracle is not secure since =
client-side security can be easily circumvented.=20
<<RE: windows authentication>>=20
-- Attached file included as plaintext by Ecartis --
Received: from srv1.RDW.NL ([192.168.170.24]) by rdw04198.prdw.tld with
Microsoft SMTPSVC(6.0.3790.0); Wed, 18 Feb 2004 10:54:53 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_003_01C3F605.41759480"
Received: from turing (localhost [127.0.0.1]) by turing.freelists.org (Avenir
Technologies Mail Multiplex) with ESMTP id 2A4D4394B6F; Wed, 18 Feb 2004
04:52:44 -0500 (EST)
X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0
Received: with ECARTIS (v1.0.0; list oracle-l); Wed, 18 Feb 2004 04:52:43
-0500 (EST)
Content-class: urn:content-classes:message
Subject: RE: windows authentication
Date: Wed, 18 Feb 2004 10:51:00 +0100
Message-ID: <s03335a9.090@xxxxxxxxxxxxxxxxxxxx>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: windows authentication
Thread-Index: AcP2BUIfKrCNdD+URkysiPLTeDmkcg==
From: "Niall Litchfield" <n-litchfield@xxxxxxxxxxxxxxxxxxxxxxx>
To: <oracle-l@xxxxxxxxxxxxx>
Reply-To: <oracle-l@xxxxxxxxxxxxx>
This is a multi-part message in MIME format.
------_=_NextPart_003_01C3F605.41759480
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Why do you say it is insecure?=3D20
Niall Litchfield
Oracle DBA
Audit Commission
+44 117 975 7805=3D20
> -----Original Message-----
> From: GKor@xxxxxx=3D20
> Sent: 18 February 2004 09:43
> To: GKor@xxxxxx; oracle-l@xxxxxxxxxxxxx
> Subject: windows authentication
>=3D20
>=3D20
> hi all=3D20
> What is my alternative to the following situation :
>=3D20
> database users are configured externally with=3D20
> remote_os_authent=3D3Dtrue , so that
> the db users connect with /@connectstring
>=3D20
> This is not secure, i know. But what is a better (more=3D20
> secure) solution
> without troubling about entering passwords.
>=3D20
> W2k with Oracle 8174
>=3D20
>=3D20
> Thanks
>=3D20
>=3D20
> vr.gr.
> G.g. Kor
> Sr. System Engineer I&DM Db
> RDW Voertuiginformatie en -toelating=3D20
> Ict Bedrijf
> Hollland
>=3D20
>=3D20
>=3D20
>=3D20
> ----------------------------------------------------------------
> Please see the official ORACLE-L FAQ: http://www.orafaq.com
> ----------------------------------------------------------------
> To unsubscribe send email to: oracle-l-request@xxxxxxxxxxxxx
> put 'unsubscribe' in the subject line.
> --
> Archives are at //www.freelists.org/archives/oracle-l/
> FAQ is at //www.freelists.org/help/fom-serve/cache/1.html
> -----------------------------------------------------------------
>=3D20
>=3D20
**********************************************************************
This email contains information intended for
the addressee only. It may be confidential
and may be the subject of legal and/or
professional privilege. Any dissemination,
distribution, copyright or use of this
communication without prior permission of
the sender is strictly prohibited.
**********************************************************************
----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to: oracle-l-request@xxxxxxxxxxxxx
put 'unsubscribe' in the subject line.
--
Archives are at //www.freelists.org/archives/oracle-l/
FAQ is at //www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------
------_=_NextPart_003_01C3F605.41759480
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
6.5.6944.0">
<TITLE>RE: windows authentication</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<P><FONT SIZE=3D2>Why do you say it is insecure?=3D20</FONT>
</P>
<P><FONT SIZE=3D2>Niall Litchfield</FONT>
<BR><FONT SIZE=3D2>Oracle DBA</FONT>
<BR><FONT SIZE=3D2>Audit Commission</FONT>
<BR><FONT SIZE=3D2>+44 117 975 7805=3D20</FONT>
</P>
<P><FONT SIZE=3D2>> -----Original Message-----</FONT>
<BR><FONT SIZE=3D2>> From: GKor@xxxxxx=3D20</FONT>
<BR><FONT SIZE=3D2>> Sent: 18 February 2004 09:43</FONT>
<BR><FONT SIZE=3D2>> To: GKor@xxxxxx; oracle-l@xxxxxxxxxxxxx</FONT>
<BR><FONT SIZE=3D2>> Subject: windows authentication</FONT>
<BR><FONT SIZE=3D2>>=3D20</FONT>
<BR><FONT SIZE=3D2>>=3D20</FONT>
<BR><FONT SIZE=3D2>> hi all=3D20</FONT>
<BR><FONT SIZE=3D2>> What is my alternative to the following =
situation :</FONT>
<BR><FONT SIZE=3D2>>=3D20</FONT>
<BR><FONT SIZE=3D2>> database users are configured externally =
with=3D20</FONT>
<BR><FONT SIZE=3D2>> remote_os_authent=3D3Dtrue , so that</FONT>
<BR><FONT SIZE=3D2>> the db users connect with /@connectstring</FONT>
<BR><FONT SIZE=3D2>>=3D20</FONT>
<BR><FONT SIZE=3D2>> This is not secure, i know. But what is a better =
(more=3D20</FONT>
<BR><FONT SIZE=3D2>> secure) solution</FONT>
<BR><FONT SIZE=3D2>> without troubling about entering =
passwords.</FONT>
<BR><FONT SIZE=3D2>>=3D20</FONT>
<BR><FONT SIZE=3D2>> W2k with Oracle 8174</FONT>
<BR><FONT SIZE=3D2>>=3D20</FONT>
<BR><FONT SIZE=3D2>>=3D20</FONT>
<BR><FONT SIZE=3D2>> Thanks</FONT>
<BR><FONT SIZE=3D2>>=3D20</FONT>
<BR><FONT SIZE=3D2>>=3D20</FONT>
<BR><FONT SIZE=3D2>> vr.gr.</FONT>
<BR><FONT SIZE=3D2>> G.g. Kor</FONT>
<BR><FONT SIZE=3D2>> Sr. System Engineer I&DM Db</FONT>
<BR><FONT SIZE=3D2>> RDW Voertuiginformatie en -toelating=3D20</FONT>
<BR><FONT SIZE=3D2>> Ict Bedrijf</FONT>
<BR><FONT SIZE=3D2>> Hollland</FONT>
<BR><FONT SIZE=3D2>>=3D20</FONT>
<BR><FONT SIZE=3D2>>=3D20</FONT>
<BR><FONT SIZE=3D2>>=3D20</FONT>
<BR><FONT SIZE=3D2>>=3D20</FONT>
<BR><FONT SIZE=3D2>> =
----------------------------------------------------------------</FONT>
<BR><FONT SIZE=3D2>> Please see the official ORACLE-L FAQ: <A =
HREF=3D"http://www.orafaq.com";>http://www.orafaq.com</A></FONT>
<BR><FONT SIZE=3D2>> =
----------------------------------------------------------------</FONT>
<BR><FONT SIZE=3D2>> To unsubscribe send email to: =
oracle-l-request@xxxxxxxxxxxxx</FONT>
<BR><FONT SIZE=3D2>> put 'unsubscribe' in the subject line.</FONT>
<BR><FONT SIZE=3D2>> --</FONT>
<BR><FONT SIZE=3D2>> Archives are at <A =
HREF=3D"//www.freelists.org/archives/oracle-l/";>http://www.freelists=
.org/archives/oracle-l/</A></FONT>
<BR><FONT SIZE=3D2>> FAQ is at <A =
HREF=3D"//www.freelists.org/help/fom-serve/cache/1.html";>http://www.=
freelists.org/help/fom-serve/cache/1.html</A></FONT>
<BR><FONT SIZE=3D2>> =
-----------------------------------------------------------------</FONT>
<BR><FONT SIZE=3D2>>=3D20</FONT>
<BR><FONT SIZE=3D2>>=3D20</FONT>
</P>
<BR>
<BR>
<P><FONT =
SIZE=3D2>****************************************************************=
******</FONT>
<BR><FONT SIZE=3D2>This email contains information intended for</FONT>
<BR><FONT SIZE=3D2>the addressee only. It may be =
confidential</FONT>
<BR><FONT SIZE=3D2>and may be the subject of legal and/or</FONT>
<BR><FONT SIZE=3D2>professional privilege. Any =
dissemination,</FONT>
<BR><FONT SIZE=3D2>distribution, copyright or use of this</FONT>
<BR><FONT SIZE=3D2>communication without prior permission of</FONT>
<BR><FONT SIZE=3D2>the sender is strictly prohibited.</FONT>
<BR><FONT =
SIZE=3D2>****************************************************************=
******</FONT>
</P>
<P><FONT =
SIZE=3D2>----------------------------------------------------------------=
</FONT>
<BR><FONT SIZE=3D2>Please see the official ORACLE-L FAQ: <A =
HREF=3D"http://www.orafaq.com";>http://www.orafaq.com</A></FONT>
<BR><FONT =
SIZE=3D2>----------------------------------------------------------------=
</FONT>
<BR><FONT SIZE=3D2>To unsubscribe send email to: =
oracle-l-request@xxxxxxxxxxxxx</FONT>
<BR><FONT SIZE=3D2>put 'unsubscribe' in the subject line.</FONT>
<BR><FONT SIZE=3D2>--</FONT>
<BR><FONT SIZE=3D2>Archives are at <A =
HREF=3D"//www.freelists.org/archives/oracle-l/";>http://www.freelists=
.org/archives/oracle-l/</A></FONT>
<BR><FONT SIZE=3D2>FAQ is at <A =
HREF=3D"//www.freelists.org/help/fom-serve/cache/1.html";>http://www.=
freelists.org/help/fom-serve/cache/1.html</A></FONT>
<BR><FONT =
SIZE=3D2>----------------------------------------------------------------=
-</FONT>
</P>
</BODY>
</HTML>
------_=_NextPart_003_01C3F605.41759480--
----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to: oracle-l-request@xxxxxxxxxxxxx
put 'unsubscribe' in the subject line.
--
Archives are at //www.freelists.org/archives/oracle-l/
FAQ is at //www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------
Other related posts:
