externaly identified [message #303697] |
Sun, 02 March 2008 02:08 |
Bobby_007
Messages: 4 Registered: March 2008
|
Junior Member |
|
|
Hello all,
I have a user created with dba privilege which is identified externally on the oracle server on Unix.
I would like to connect to the same user using toad/ sqlplus from clinet machine? How do I do that?
It always asks for the password.
Please reply ASAP...
Many thanks in advance.
|
|
|
|
Re: externaly identified [message #303733 is a reply to message #303697] |
Sun, 02 March 2008 08:38 |
Bobby_007
Messages: 4 Registered: March 2008
|
Junior Member |
|
|
Hi Michel,
I did not get you at all?
I am sure that should be a way to work using toad / and using SQL window on client machine using the login which is identified externally?
Just think about it, I do not have access to unix machine where database resides, I have been given a login which is identified externally and have been asked to run queries using either toad / SQL*Plus. How would I login to Toad/SQL*Plus?
Regards,
Bobby
|
|
|
Re: externaly identified [message #303735 is a reply to message #303733] |
Sun, 02 March 2008 08:46 |
|
Michel Cadot
Messages: 68676 Registered: March 2007 Location: Nanterre, France, http://...
|
Senior Member Account Moderator |
|
|
Ask your DBA to give you an account with password.
Allowing "/" connection from a remote machine is one of the greatest security holes.
Think about it. Anyone knowing your account name can connect from any machine without giving a password. What can be worst? Giving you DBA privileges.
If any DBA allows this in my place I immediatly ask for him to be fired.
Regards
Michel
[Updated on: Sun, 02 March 2008 08:48] Report message to a moderator
|
|
|
Re: externaly identified [message #303739 is a reply to message #303697] |
Sun, 02 March 2008 09:58 |
Bobby_007
Messages: 4 Registered: March 2008
|
Junior Member |
|
|
Hi Michel,
Thanks a log for your reply and I understand the security concern you poiting out here and that is very much appreciated.
But is it really possbile to use any account which identified externally (may be not with DBA privileges) to use in Toad / SQL*Plus ?
Thanks a lot for your interest in the post.
Regards,
Bobby
|
|
|
|
Re: externaly identified [message #303749 is a reply to message #303697] |
Sun, 02 March 2008 11:53 |
Bobby_007
Messages: 4 Registered: March 2008
|
Junior Member |
|
|
Hi Michel,
That was too brief answer for me to understand.
Can you please explain in detail or may be with an example which will allow me to connec to toad.
Many thanks in advance.
Bobby
|
|
|
|
Re: externaly identified [message #303788 is a reply to message #303754] |
Sun, 02 March 2008 20:04 |
rleishman
Messages: 3728 Registered: October 2005 Location: Melbourne, Australia
|
Senior Member |
|
|
I for one would be very interested in how to do this.
It is my understanding that you can ONLY connect to externally authenticated accounts FROM THE SERVER. If you are running Oracle on Windows and using TOAD (locally) on the same machine, it may be possible, but that's not what you are talking about.
I read something a while ago about proxy authentication, but I got confused and stopped reading. It may be relevant, maybe not.
Until Michel posts a nice counter-example, I'm going to stick with my current understanding that you cannot connect remotely to an externally authenticated account.
Ross Leishman
|
|
|
|
|
|
Re: externaly identified [message #304321 is a reply to message #304099] |
Tue, 04 March 2008 20:16 |
rleishman
Messages: 3728 Registered: October 2005 Location: Melbourne, Australia
|
Senior Member |
|
|
So, pretty much anyone inside your company firewall with Admin rights on their PC can install the Oracle Net client, create a local Windows user, and access an externally authenticated account.
Nice.
|
|
|
Re: externaly identified [message #304359 is a reply to message #304321] |
Wed, 05 March 2008 00:18 |
|
Michel Cadot
Messages: 68676 Registered: March 2007 Location: Nanterre, France, http://...
|
Senior Member Account Moderator |
|
|
Exactly! So my remarks on security and what I will do to a DBA that let this in one of his databases.
Regards
Michel
|
|
|