on 12-10-2008 8:56 AM
Hi All,
We are running SAP on oracle 9i and o/s AIX. In our oracle database the parameter REMOTE_OS_AUTHENT is true. Is there any danger of this? Can o/s and SAP user can login remotely on database?
Another question is PRODUCT_PROFILE table is empty. Is there any drawback of this?
And last one is that DBA_TAB_PRIVS table, the public role has assigned execute access to number of tables.
Thanks in advance.
Harish
Hi Harish,
as usual, reading the documentation helps a great deal.
"REMOTE_OS_AUTHENT specifies whether remote clients will be authenticated with the value of the OS_AUTHENT_PREFIX parameter."
Change this parameter to FALSE and you basically disable the OPS$-connect mechanism of the disp+work processes. No workprocess can logon to the database anymore (of course you can argue that this improves security to the database in a way...)
PRODUCT_PROFILE table - is only evaluated by the SQL-tools of Oracle.
If the database is actually accessible from any other host than the DBA-console and the SAP application servers, then you should not waste time thinking about this table...
PUBLIC access to tables - some access is always necessary. For example the database catalog.
Without catalog access there cannot be parsing, which means no queries.
So better than restricting what public can do is to restrict who can logon to the database in the first place.
regards,
Lars
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Lars,
Thanks very much for the prompt reply.
But I have again question about the PRODUCT_PROFILE table that if it empty does it a issue security point of view.
I would like to mentioned that we don't have any database user created in oracle databse accept default/standard user.
Is there any security issue if parameter REMOTE_OS_AUTHENT is true, PRODUCT_PROFILE table is empty and DBA_TAB_PRIVS table, the PUBLIC role has been assigned EXECUTE. Even we don't any user who has access to oracle database.
Thanks in advance.
Harish
User | Count |
---|---|
89 | |
10 | |
9 | |
9 | |
9 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.