Problem solve Get help with specific problems with your technologies, process and projects.

Security holes opened by logging on with 'as sysdba'

Why is it that in SQL*Plus, whenever you login as any user with "as sysdba" on it, it allows you to login on the Oracle database? How can I secure my Oracle server? Can you please help me on this?

To verify this, I performed the following:

SQL> connect peasland as sysdba
Enter password: 
The PEASLAND user has never been granted SYSDBA privileges, so on the surface, this never should have happened. But I launched SQL*Plus as a "privileged" user in the first place. My database is running on a Unix server. I signed on to the Unix server as a member of the 'dba' group. If I was on a Windows server, I would need to sign on as a member of the 'ora_dba' group. Anyone who is signed on to the database server and is a member of this group can connect to the database as SYSDBA using any userid. This only becomes a security hole if you place users who should not have this privilege in that specific group. Only Database Administrator OS accounts should be part of these groups. Regular users should not be granted permissions for this group. If a regular user attempts the same commands above, they would be given an error message indicating that they do not have sufficient permissions. Also note that this only pertains to those accounts that log in directly to the database server. If someone is connecting to the database from a remote workstation, this operation will not work.

For More Information

Dig Deeper on Oracle database design and architecture

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.