Home » RDBMS Server » Security » Keeping OS_AUTHENTICATION_PREFIX a null, Is this a security risk ??
Keeping OS_AUTHENTICATION_PREFIX a null, Is this a security risk ?? [message #415804] Wed, 29 July 2009 06:29 Go to next message
surenhr
Messages: 45
Registered: August 2007
Location: gurgoan
Member
Dear All ,

I have a question, While doing OS authentication, is
it a security risk to keep os_authent_perfix to a null value?

Please let me know how ?



Thanks
Suren

Report message to a moderator

Re: Keeping OS_AUTHENTICATION_PREFIX a null, Is this a security risk ?? [message #415809 is a reply to message #415804] Wed, 29 July 2009 06:46 Go to previous messageGo to next message
Michel Cadot
Messages: 68636
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Yes there is a risk you create an account for a DB user that has the same name than a OS user but you don't want to create a DB account for this OS account.

Regards
Michel

Report message to a moderator

Re: Keeping OS_AUTHENTICATION_PREFIX a null, Is this a security risk ?? [message #415856 is a reply to message #415804] Wed, 29 July 2009 09:43 Go to previous messageGo to next message
ebrian
Messages: 2794
Registered: April 2006
Senior Member
If OS_AUTHENT_PREFIX is set to null, then as Michel mentioned, there would be a risk, however, you'd have to create the database user specifically with IDENTIFIED EXTERNALLY.

Report message to a moderator

Re: Keeping OS_AUTHENTICATION_PREFIX a null, Is this a security risk ?? [message #415869 is a reply to message #415856] Wed, 29 July 2009 10:29 Go to previous messageGo to next message
Michel Cadot
Messages: 68636
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Quote:
you'd have to create the database user specifically with IDENTIFIED EXTERNALLY.

Not if the user is member of OS dba group.

Regards
Michel

Report message to a moderator

Re: Keeping OS_AUTHENTICATION_PREFIX a null, Is this a security risk ?? [message #415874 is a reply to message #415869] Wed, 29 July 2009 10:39 Go to previous messageGo to next message
ebrian
Messages: 2794
Registered: April 2006
Senior Member
Michel Cadot wrote on Wed, 29 July 2009 11:29

Not if the user is member of OS dba group.

Well sure, in that case OS_AUTHENT_PREFIX is a moot point.

Report message to a moderator

Re: Keeping OS_AUTHENTICATION_PREFIX a null, Is this a security risk ?? [message #415876 is a reply to message #415874] Wed, 29 July 2009 10:44 Go to previous messageGo to next message
Michel Cadot
Messages: 68636
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Not really.
If OS_AUTHENT_PREFIX is set to something, the user has to connect as sysdba and so on which is audited.
Without he can connect with this account (which may not be his own) and do some unaudited and illegal stuff.

Regards
Michel

Report message to a moderator

Re: Keeping OS_AUTHENTICATION_PREFIX a null, Is this a security risk ?? [message #415879 is a reply to message #415876] Wed, 29 July 2009 10:56 Go to previous message
ebrian
Messages: 2794
Registered: April 2006
Senior Member
As a member of the dba group, the connection as SYSDBA will be audited, but the user can still do nefarious stuff and not be audited unless AUDIT_SYS_OPERATIONS is set and/or auditing is in place.

Nevertheless, if a user is part of the O/S dba group, then it is irrelevant to what OS_AUTHENT_PREFIX is set to.

Report message to a moderator

Previous Topic: FGA - AUDIT FILES
Next Topic: How to extract privilege report from Oracle?
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Tue Apr 16 11:17:45 CDT 2024
.:: Forum Home :: Blogger Home :: Wiki Home :: Contact :: Privacy ::.