Database Administration (MOSC)

MOSC Banner

Security issue (advice please)

edited Jun 19, 2012 9:27AM in Database Administration (MOSC) 8 commentsAnswered ✓
Hello.I have some db security issue. I have oracle db (11.2) installed on OL6.2, after usual install and some tune, i can access db from console typing "sqlplus / as sysdba" without password, this is normal.
Today I've done some testing, i created use "john", and connect to db as "john" with password, after that i run "!bash" and got to bash console, after that i run "sqlplus / as sysdba" and of course logged on to db without password.
Now the question, ho to prevent such behavioral.

Sure, I can put  SQLNET.AUTHENTICATION_SERVICES=(NONE) to sqlnet.ora, but oracle user can edit this file, even if i ask Sysadmin to set permission to root (because oracle is owner of $ORACLE_HOME/network/admin directory).

Howdy, Stranger!

Log In

To view full details, sign in to My Oracle Support Community.

Register

Don't have a My Oracle Support Community account? Click here to get started.

Category Leaderboard

Top contributors this month

Instructions for posting

×

1. Select a discussion category from the picklist.


2. Enter a title that clearly identifies the subject of your question.


3. In the body, insert detailed information, including Oracle product and version.


Please abide by the Oracle Community guidelines and refrain from posting any customer or personally identifiable information (PI/CI).


Cloud / Fusion customers - Our Cloud community has moved! Please go to Cloud Customer Connect .


New to My Oracle Support Community? Visit our Welcome Center

MOSC Help Center