Home » RDBMS Server » Security » Anonymous User
Anonymous User [message #254364] Thu, 26 July 2007 10:21 Go to next message
preet_kumar
Messages: 204
Registered: March 2007
Senior Member
On a default installation of Oracle 10g.

select username,password,account_status from dba_users;

This shows me a user name Anonymous with password anonymous and status Expired and Locked.
When i tried to connect to the database using
connect anonymous as sysdba and password as anonymous it works

Is it not a security risk?

[Updated on: Thu, 26 July 2007 10:44]

Report message to a moderator

Re: Anonymous User [message #254367 is a reply to message #254364] Thu, 26 July 2007 10:45 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
No, because if you try to connect with "whatever as sysdba" and password "idontcare" it also works.

Regards
Michel
Re: Anonymous User [message #254374 is a reply to message #254367] Thu, 26 July 2007 11:07 Go to previous messageGo to next message
preet_kumar
Messages: 204
Registered: March 2007
Senior Member
Thanks

Yes i can connect with anything as sysdba and any password and when i issue show user; it shows me as user SYS.
Then whats the difference connecting sys as sysdba? when i can connect with any username as sys
Re: Anonymous User [message #254377 is a reply to message #254374] Thu, 26 July 2007 11:11 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
This is because you are in the OS dba group.
Any user in this OS group can connect AS SYSDBA without authentication.
When you are not in this OS group, then you have to connect with a user which have been granted SYSDBA privilege (as SYS).

Regards
Michel
Re: Anonymous User [message #254378 is a reply to message #254377] Thu, 26 July 2007 11:13 Go to previous message
preet_kumar
Messages: 204
Registered: March 2007
Senior Member
Thanks

Also i found the detailed answer from previous post message #132667
Previous Topic: Re: Username & Password for Oracle 9i
Next Topic: Transparent Data Encryption
Goto Forum:
  


Current Time: Thu Mar 28 15:43:21 CDT 2024