WebApp Sec mailing list archives
Oracle External Users
From: "Damien Lewis" <dwlewis () comcast net>
Date: Sun, 4 Dec 2005 20:07:47 -0500
Hello, I'm in the process of reviewing a list of users (DBA_USERS table) from an Oracle Database and have come across several accounts with the PASSWORD field being "EXTERNAL". It is my understanding that these accounts are authenticated by the operating system, but how exactly do you go about authenticating using this account (i.e. could I conect via SQL Plus or an ODBC connection) and is there any other control(s) within Oracle that would prevent any user from creating a user id that matches the account name in DBA_USERS table on another computer and logging in as that user to the Oracle database? Thanks D
Current thread:
- Oracle External Users Damien Lewis (Dec 05)
- Re: Oracle External Users bug (Dec 06)
- <Possible follow-ups>
- RE: Oracle External Users Amichai Shulman (Dec 06)