Why are OPS$ accounts a security risk in a client/server environment? (for DBA
ORACLE Interview Questions and Answers (Part 2)
(Continued from previous question...)
197. Why are OPS$ accounts a security risk in a client/server environment? (for DBA
If you allow people to log in with OPS$ accounts from Windows Workstations, you cannot be sure who they really are. With terminals, you can rely on operating system passwords, with Windows, you cannot.
If you set REMOTE_OS_AUTHENT=TRUE in your init.ora file, Oracle assumes that the remote OS has authenticated the user.
If REMOTE_OS_AUTHENT is set to FALSE (recommended), remote users will be unable to connect without a password. IDENTIFIED EXTERNALLY will only be in effect from the local host. Also, if you are using "OPS$" as your prefix, you will be able to log on locally with or without a password, regardless of whether you have identified your ID with a password or defined it to be IDENTIFIED EXTERNALLY.
(Continued on next question...)
Other Interview Questions
|