Home » RDBMS Server » Security » Login as sysdba (oracle 10.2.0.1.0,Redhat Linux 4)
Login as sysdba [message #439449] Sat, 16 January 2010 23:52 Go to next message
goracle9
Messages: 136
Registered: December 2006
Senior Member
Dear All,

when login in production server like
$ sqlplus / as sysdba


it's not asking password, i feel this is insequre
let me know how to sequre the database from unauthorised person

thanks.
regards
Re: Login as sysdba [message #439452 is a reply to message #439449] Sun, 17 January 2010 00:51 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Remove them from the (sys)dba OS group.

Regards
Michel
Re: Login as sysdba [message #439453 is a reply to message #439452] Sun, 17 January 2010 01:13 Go to previous messageGo to next message
goracle9
Messages: 136
Registered: December 2006
Senior Member
Mr.Michel

Remove them from the (sys)dba OS group.


i dont understand please, explain steps

thanks
Re: Login as sysdba [message #439454 is a reply to message #439453] Sun, 17 January 2010 01:23 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
At OS prompt, type "groups", all users are in a group defined at Oracle installation generically named SYSDBA OS group and which is usually named "dba" but it is not mandatory (as I said you choose it at installation time). Remove your users from this OS group.

Regards
Michel

[Updated on: Sun, 17 January 2010 01:23]

Report message to a moderator

Re: Login as sysdba [message #439478 is a reply to message #439453] Sun, 17 January 2010 08:19 Go to previous messageGo to next message
ebrian
Messages: 2794
Registered: April 2006
Senior Member
In addition to what Michel mentioned, if removing the user(s) from the dba group isn't an option, you could ensure that SYSDBA is prompted for a password by setting the following in the sqlnet.ora file:

sqlnet.authentication_services=NONE

Re: Login as sysdba [message #483943 is a reply to message #439478] Thu, 25 November 2010 15:02 Go to previous messageGo to next message
oracula
Messages: 2
Registered: November 2010
Junior Member
remember that if the DBA has access to this sqlnet.ora, he can any time change definition back to be able logon without password.

DBA can also redefine enviroment variable TNS_ADMIN refering to own sqlnet.ora file
Re: Login as sysdba [message #483956 is a reply to message #483943] Thu, 25 November 2010 20:28 Go to previous message
BlackSwan
Messages: 26766
Registered: January 2009
Location: SoCal
Senior Member
>DBA can also redefine enviroment variable TNS_ADMIN refering to own sqlnet.ora file
ANYONE can define TNS_ADMIN for their own process.
Previous Topic: Database Hardening
Next Topic: Is it possible to create a new directory on linux fs from oracle
Goto Forum:
  


Current Time: Thu Mar 28 19:45:24 CDT 2024