Exploring Oracle November 2004 and REMOTE_OS_AUTHENT">Post on ORACLE-L : Exploring Oracle November 2004 and REMOTE_OS_AUTHENT
Jared sounds amazed at this tip which suggests setting REMOTE_OS_AUTHENT to TRUE to allow remote connections from a server other than the server Oracle is running on and creating an externally identified user.
I have not seen this edition so have not seen the exact text but like Jared i would suggest that this is a tip that should definitely not be followed. Allowing remote operating system authentication will allow anyone with a server (laptop, PC, whatever) connected to the network on which the database resides to spoof the database connection and gain access to your data without a password.
If you read this tip beware, allowing REMOTE_OS_AUTHENTICATION=TRUE to be set is going against basic Oracle security 101.
There has been 1 Comment posted on this article