Pete Finnigan's Oracle Security Forum
        (http://www.petefinnigan.com/forum/yabb/YaBB.cgi)
      

        Oracle Security >> Oracle Security >> disable logon as sysdba without password
        
(Message started by: Pete Finnigan on Jan 5th, 2011, 1:06pm)
Title: disable logon as sysdba without password
Post by Pete Finnigan on Jan 5th, 2011, 1:06pm
Hi,
I would like to prevent users which can "su" to oracle user account (root users) to logon to oracle as sysdba.
I know I can do this by setting SQLNET.AUTHENTICATION_SERVICES=NONE in sqlnet.ora but it can be changed.
I can monitor hash of sqlnet.ora file and send a mail if it change, however this approach also has weaknesses.

Regards,
Boris
Title: Re: disable logon as sysdba without password
Post by Pete Finnigan on Jan 13th, 2011, 3:15pm
Of course SQLNET.AUTHENTICATION_SERVICES=NONE can be circumvent with local TNS_ADMIN  :(

Regards,
Boris


Powered by YaBB 1 Gold - SP 1.4!
Forum software copyright © 2000-2004 Yet another Bulletin Board