It only exists if the Oracle Agent is running. In my case, it (the agent) is not running, so I don't have the file. (and I'm on NT, so we all know, there is no protection required! :) )
Tom Mercadante Oracle Certified Professional -----Original Message----- Sent: Thursday, January 31, 2002 1:26 PM To: Multiple recipients of list ORACLE-L change it in snmp.ora which is in clear text on the Unix server..... protect that file! --- "Mercadante, Thomas F" <[EMAIL PROTECTED]> wrote: > Hey All, > > Anyone remember how to change the DBSNMP password? I know I can > change it > in the db easily enough, but how does the server/DBSNMP listener > process > know what the new password is? Must be stored in an OS file > someplace. > > I was just poking around trying to figure it out. The docs have the > answer > hidden someplace and Google is not responding to search requests. > > Just curious. > > And Jim, the first thing I do when I come upon an instance with these > "default" accounts established, is to lock them (alter user account > lock) so > that someone cannot connect using them. > > Thanks! > > Tom Mercadante > Oracle Certified Professional > > > -----Original Message----- > Sent: Thursday, January 31, 2002 11:43 AM > To: Multiple recipients of list ORACLE-L > > > Speaking of default accounts with default passwords, here is my list > that I > check for. Anyone want to compare notes :) i.e. have I missed any? > > Thanks, > > Jim > > > perfstat/perfstat > TRACESVR ??? is only used with 7.x Databases > REPADMIN ??? > CTXSYS/CTXSYS > DBSNMP/DBSNMP > INTERNAL/ORACLE > MDSYS/MDSYS > MTSSYS/MTSSYS > ORDPLUGINS/ORDPLUGINS > ORDSYS/ORDSYS > OUTLN/OUTLN > SYS/CHANGE_ON_INSTALL > SYSTEM/MANAGER > SCOTT/TIGER > > > > > -----Original Message----- > Kirti > Sent: 31 January 2002 15:25 > To: Multiple recipients of list ORACLE-L > > > Stephane, > Thanks. Yes, we are properly fenced.... > None of the databases have those default accounts with default > passwords. > We do not use OEM and that agent. Passwords of critical accounts get > changed > regularly and often. Database user ids are generated & approved by > Data > Security group before DBAs can add them to databases (so others do > not know > and can not guess who has what id), and they request reports of > access > privileges when least expected. > So, it's all how you manage your set up. When I joined this company > I was > going nuts about such things (remote_os_authent, default links by > virtue of > Oracle Names etc), but as I learned the environment I was > comfortable.. And > it is helping us more than creating problems and concerns. > > Cheers ! > > - Kirti > > -----Original Message----- > Sent: Thursday, January 31, 2002 2:20 AM > To: Multiple recipients of list ORACLE-L > > > "Deshpande, Kirti" wrote: > > > > We use REMOTE_OS_AUTHENT in many of our databases. I know we > shouldn't do > > this, but we have to, and that's another topic... > > > > We also use a specific auth prefix. > > > > Now, can someone show me how a Windoze user, 'GOD' get in the > database > when > > I do not have a user, '<Auth_Prefix>GOD' in my database. > > > > I say, I have nothing to worry about this setup as long as 'GOD' > user in > my > > database is controlled appropriately via roles, grants, profile > etc.... > > > > Sure, if I had <auth_prefix>GOD in the database, I will be looking > for > > another job.... > > Right? > > > > - Kirti > > > > The problem as I see it is that it's fairly easy to get the names of > users on a database. The number of databases you can connect to using > dbsnmp/dbsnmp or outln/outln is desperately high, and from there you > can > query ALL_USERS. I must say that I am truly hopeless with any > Microsoft > OS, so you could safely let me with admin rights on the box when I > feel > at my most mischievous. But imagine I come with Linux on my laptop, I > plug (like many 'nomad' users often do) into your network, manage to > connect (as a less-than-nothing user), check the user list, spot > something looking like a prefix, and use this information to add with > linuxconf a suitably named account to my machine? I am certain that > in > your case everything is correctly fenced, but I have met many many > many > databases where the standard in terms of grants was 'TO PUBLIC', and > where database links were PUBLIC as well, and usually connected to > the > other database as the owner of most tables (even as DBA). > IMHO, if you really want to be secure, you must first know Oracle and > your environment well, and also audit sensitive information. > > -- > Regards, > > Stephane Faroult > Oriole Ltd > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.com > -- > Author: Stephane Faroult > INET: [EMAIL PROTECTED] > > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.com > -- > Author: Deshpande, Kirti > INET: [EMAIL PROTECTED] > > Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 > San Diego, California -- Public Internet access / Mailing > Lists > -------------------------------------------------------------------- > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). > > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.com > -- > Author: James McCann > INET: [EMAIL PROTECTED] > > Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 > San Diego, California -- Public Internet access / Mailing > Lists > -------------------------------------------------------------------- > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.com > -- > Author: Mercadante, Thomas F > INET: [EMAIL PROTECTED] > > Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 > San Diego, California -- Public Internet access / Mailing > Lists > -------------------------------------------------------------------- > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). === message truncated === __________________________________________________ Do You Yahoo!? Great stuff seeking new owners in Yahoo! Auctions! http://auctions.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Rachel Carmichael INET: [EMAIL PROTECTED] Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Mercadante, Thomas F INET: [EMAIL PROTECTED] Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).