Home » RDBMS Server » Security » protect from unauthorise user
protect from unauthorise user [message #462226] Wed, 23 June 2010 04:28 Go to next message
raina
Messages: 10
Registered: June 2010
Location: new delhi
Junior Member
hi to all,

i ve an query i.e.

when i m firing a command sqlplus "/as sysdba" any user who dont knw the password can connect with it and instance startup.i want to protect from unauthorise user who dnt knw the password of sys cannot connect with it?

Is it possible?

if yes then how?

could any one ve any idea?
Re: protect from unauthorise user [message #462234 is a reply to message #462226] Wed, 23 June 2010 04:45 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Not any user but only users that are the OS (sys)dba group.
So don't put any user in this group.

If you want to completly forbid "/ as sysdba" connection then use the following in your server sqlnet.ora file:
SQLNET.AUTHENTICATION_SERVICES = (none)

Regards
Michel

[Updated on: Wed, 23 June 2010 04:45]

Report message to a moderator

Re: protect from unauthorise user [message #462404 is a reply to message #462226] Thu, 24 June 2010 02:37 Go to previous messageGo to next message
raina
Messages: 10
Registered: June 2010
Location: new delhi
Junior Member
@Michael

thanks fr your reply..I ve already do this.I ve set the parameter
sqlnet.authentication_services=none.after that when i m firing a command sqlplus "/as sysdba". It gives error i.e.insufficient priviledge.nw I want to start an instance.

wht should i do to start an instance?
Re: protect from unauthorise user [message #462414 is a reply to message #462404] Thu, 24 June 2010 03:19 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Now you have to give the password, wasn't this your requirement?

Regards
Michel

[Updated on: Thu, 24 June 2010 05:29]

Report message to a moderator

Re: protect from unauthorise user [message #462451 is a reply to message #462414] Thu, 24 June 2010 05:27 Go to previous messageGo to next message
Littlefoot
Messages: 21806
Registered: June 2005
Location: Croatia, Europe
Senior Member
Account Moderator
LOL, amazing /forum/fa/7827/0/

- Everyone can enter my apartment, but I don't like it. What should I do?
- Lock the door.
- Yes, now it works great. But - I can't enter either. What now?
- Use a key. Wasn't that your requirement?
/forum/fa/917/0/
Re: protect from unauthorise user [message #462455 is a reply to message #462451] Thu, 24 June 2010 05:38 Go to previous messageGo to next message
ramoradba
Messages: 2456
Registered: January 2009
Location: AndhraPradesh,Hyderabad,I...
Senior Member
Laughing
you can also lock the door from inside.

@ op You have to submit the username and passowrd.(If Oracle prmpt`s you).

sriram Smile
Re: protect from unauthorise user [message #462908 is a reply to message #462226] Mon, 28 June 2010 11:05 Go to previous messageGo to next message
raina
Messages: 10
Registered: June 2010
Location: new delhi
Junior Member
thanks all of you..

nw could u please tell me how cn i login through sys?
Re: protect from unauthorise user [message #462913 is a reply to message #462908] Mon, 28 June 2010 11:15 Go to previous messageGo to next message
cookiemonster
Messages: 13917
Registered: September 2008
Location: Rainy Manchester
Senior Member
With the password!!!!!!!

If you don't know what it is then you're going to have to go back to using sqlplus "/as sysdba".

And will you please stop using IM speak. Use proper words.
Re: protect from unauthorise user [message #462921 is a reply to message #462908] Mon, 28 June 2010 11:54 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
raina wrote on Mon, 28 June 2010 18:05
thanks all of you..

nw could u please tell me how cn i login through sys?

Please explain what you don't understand or explain your question.

Regards
Michel

Re: protect from unauthorise user [message #463211 is a reply to message #462226] Wed, 30 June 2010 04:28 Go to previous messageGo to next message
raina
Messages: 10
Registered: June 2010
Location: new delhi
Junior Member
@Michel

I have set the parameter sqlnet.authentication_services=(NONE) in sqlnet.ora file.After that when I m firing a command sqlplus "/as sqlplus".It shows error like insufficient priviledge.Now i want to know how can I start an instance?

Is it possible to remove only sys user from ora_dba group?

If yes then how?

[Updated on: Wed, 30 June 2010 04:34]

Report message to a moderator

Re: protect from unauthorise user [message #463213 is a reply to message #463211] Wed, 30 June 2010 04:33 Go to previous messageGo to next message
ramoradba
Messages: 2456
Registered: January 2009
Location: AndhraPradesh,Hyderabad,I...
Senior Member
C:\Documents and Settings\sriram>TYPE C:\oracle\product\10.2.0\db_3\network\admin\sqlnet.ora
# sqlnet.ora Network Configuration File: C:\oracle\product\10.2.0\db_3\network\admin\sqlnet.ora
# Generated by Oracle configuration tools.

# This file is actually generated by netca. But if customers choose to
# install "Software Only", this file wont exist and without the native
# authentication, they will not be able to connect to the database on NT.

SQLNET.AUTHENTICATION_SERVICES= (NONE)

NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)



C:\Documents and Settings\sriram>SQLPLUS / AS SYSDBA

SQL*Plus: Release 10.2.0.1.0 - Production on Wed Jun 30 15:05:50 2010

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

ERROR:
ORA-01031: insufficient privileges


Enter user-name: SYS AS SYSDBA
Enter password:                 ---Enter Your Password Here

Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options

SQL>

[Updated on: Wed, 30 June 2010 04:34]

Report message to a moderator

Re: protect from unauthorise user [message #463216 is a reply to message #462226] Wed, 30 June 2010 04:43 Go to previous messageGo to next message
raina
Messages: 10
Registered: June 2010
Location: new delhi
Junior Member
I have alredy tried this.Its working.It is useful if only one database is running on your computer.If two database is running on a same computer then another will not work because we have set the parameter sqlnet.authentucation_services=(NONE) in sqlnet.ora file.
Re: protect from unauthorise user [message #463219 is a reply to message #463211] Wed, 30 June 2010 04:49 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
raina wrote on Wed, 30 June 2010 11:28
@Michel

I have set the parameter sqlnet.authentication_services=(NONE) in sqlnet.ora file.After that when I m firing a command sqlplus "/as sqlplus".It shows error like insufficient priviledge.Now i want to know how can I start an instance?

Is it possible to remove only sys user from ora_dba group?

If yes then how?

Post what you want EXACTLY!

Regards
Michel

Re: protect from unauthorise user [message #463222 is a reply to message #463219] Wed, 30 June 2010 05:06 Go to previous messageGo to next message
raina
Messages: 10
Registered: June 2010
Location: new delhi
Junior Member
I want that only I can able to start an instance.not other person.when I m firing a command sqlplus.It asked for username and password that password only I knw andIt works for all databases which are running on same computer.
Re: protect from unauthorise user [message #463223 is a reply to message #463222] Wed, 30 June 2010 05:10 Go to previous messageGo to next message
cookiemonster
Messages: 13917
Registered: September 2008
Location: Rainy Manchester
Senior Member
And Michel's suggestion stops you from doing this how?
Re: protect from unauthorise user [message #463225 is a reply to message #463222] Wed, 30 June 2010 05:14 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
raina wrote on Wed, 30 June 2010 12:06
I want that only I can able to start an instance.not other person.when I m firing a command sqlplus.It asked for username and password that password only I knw andIt works for all databases which are running on same computer.

Don't understand.
Explain with examples showing ALL cases you want.

Regards
Michel

Re: protect from unauthorise user [message #463227 is a reply to message #463225] Wed, 30 June 2010 05:18 Go to previous messageGo to next message
ramoradba
Messages: 2456
Registered: January 2009
Location: AndhraPradesh,Hyderabad,I...
Senior Member
Quote:
I want that only I can able to start an instance.not other person.when I m firing a command sqlplus.It asked for username and password that password only I knw andIt works for all databases which are running on same computer

I am totally confused with this statement

sriram
Re: protect from unauthorise user [message #463232 is a reply to message #462226] Wed, 30 June 2010 05:30 Go to previous messageGo to next message
raina
Messages: 10
Registered: June 2010
Location: new delhi
Junior Member
example:

sqlplus sqlnet.authentication_services=(NONE)
after that
sql>sqlplus "/as sysdba"

error: insufficient priviledge

when i m trying again with sys password like this
sql>sqlplus sys/sys as sysdba

it gives error
error: insufficicent priviledge.

I want to connect sys with my own password.could you please tell me how can I connect with sys..I hope now its clear to you.




Re: protect from unauthorise user [message #463259 is a reply to message #463232] Wed, 30 June 2010 07:42 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Don't say what you have, COPY AND PASTE it.
And still:
Quote:
Explain with examples showing ALL cases you want.

Which means:
- "connect / as sysdba" allowed or not? for all users or some?
- "connect sys/psw as sysdba" allowed or not? for all users or some?

Regards
Michel
Re: protect from unauthorise user [message #463265 is a reply to message #463219] Wed, 30 June 2010 07:57 Go to previous message
mikerault
Messages: 21
Registered: June 2010
Location: Alpharetta, Ga
Junior Member
Have you tried just resetting the ORACLE_SID variable? Or using the proper connect string for whatever database you want to start or stop?

Mike
Previous Topic: need to create a user with access to only two tables
Next Topic: How to rename a user
Goto Forum:
  


Current Time: Fri Mar 29 05:11:57 CDT 2024