Auditing an Oracle database for security issues is very important. PeteFinnigan.com provides all of the information and tools that you will need Click here for details of PeteFinnigan.com Limited's detailed Oracle database security audit service Click here for details of PeteFinnigan.com Limited's Oracle Security Training Courses
Cookie Policy:We only use essential cookies on small sections of this website. For details see here.

Welcome, Guest. Please Login.
Aug 21st, 2018, 6:39am
News: Welcome to Pete Finnigan's Oracle security forum
Home | Help | Search | Members | Login
   Pete Finnigan's Oracle Security Forum
   Oracle Security
   Oracle Security
(Moderator: Pete Finnigan)
   disable logon as sysdba without password
« Previous topic | Next topic »
Pages: 1  Reply | Notify of replies | Send Topic | Print
   Author  Topic: disable logon as sysdba without password  (Read 5188 times)
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
disable logon as sysdba without password
« on: Jan 5th, 2011, 1:06pm »
Quote | Modify

Hi,
I would like to prevent users which can "su" to oracle user account (root users) to logon to oracle as sysdba.
I know I can do this by setting SQLNET.AUTHENTICATION_SERVICES=NONE in sqlnet.ora but it can be changed.
I can monitor hash of sqlnet.ora file and send a mail if it change, however this approach also has weaknesses.
 
Regards,
Boris
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Re: disable logon as sysdba without password
« Reply #1 on: Jan 13th, 2011, 3:15pm »
Quote | Modify

Of course SQLNET.AUTHENTICATION_SERVICES=NONE can be circumvent with local TNS_ADMIN  Sad
 
Regards,
Boris
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pages: 1  Reply | Notify of replies | Send Topic | Print

« Previous topic | Next topic »

Powered by YaBB 1 Gold - SP 1.4!
Forum software copyright 2000-2004 Yet another Bulletin Board