Re: installed users
Knowing Oracle 9.2 database creation locks some users:
dbms_websearch.metalink('lock default users') included
131752.1 and 160861.1 => reading suggested 'lock outln' search,
which included 234712.1 and 207959.1 (All About Security).
Have Fun :)
Rachel Carmichael wrote:
hm, when I did the metalink search I got nothing -- what keyword did
you use? sometimes it's all in the creativity of the search :)
We did NOT create the databases at the time of install. at least, I
don't think they did, it was done by a hosting company and the other
dba (this is the person who let them install and create production
databases at 9.2.0.2 when development was at 9.2.0.1!)
Okay, but does CTXSYS *really* need DBA privs? off to check the
notes...
Thanks!
--- Chip <[EMAIL PROTECTED]> wrote:
dbms_websearch.metalink => 234712.1 160861.1 131752.1
From 160861.1:
MDSYS, ORDSYS, CTXSYS, and ORDPLUGINS are created to support Oracle
Intermedia.
Have Fun :)
Jacques Kilchoer wrote:
ctxsys - intermedia text (the old Context text cartridge)
ordsys - intermedia data types for storing of audio and video data
mdsys - data types for storing of spatial data
I think that in 9.0 and 9.2, by default those users are created with
expired and locked logins.
-Original Message-
From: Rachel Carmichael [mailto:[EMAIL PROTECTED]
I've started a project to review all users in all our databases and
remove unused/unnecessary users or at the very least restrict the
privileges they have to the minimal ones they need. In several of
the
databases there are both ORDSYS and CTXSYS. From what I've
been able to
find out by running the above procedures, ORDSYS is for Intermedia.
I
could have sworn CTXSYS was the Intermedia account. So... is there
a
manual I've missed that tells me exactly which of these two I have
to
have in my databases and why?
In addition, I know you have to install Spatial Option as part of
an
Oracle installation, even if you don't want to use it. Some of
these
databases also have the account MDSYS, some don't. All but one are
9iR2. We don't use Spatial. The two databases that have this
account
(8.1.7.4 and 9.2.0.2) both use Intermedia. Does that have something
to
do with it? I don't want to remove an account I need, but I don't
want
to leave ones I don't need in the databases.
Let's not even begin to talk about the fact that just about EVERY
user
seems to have "unlimited tablespace" priv.
This is not going to be pretty, easy or clean. But I will have
secure
databases. Except of course, every app has a configuration file in
which they hard-code the passwords. Sigh
--
Please see the official ORACLE-L FAQ: http://www.orafaq.net
--
Author: Chip
INET: [EMAIL PROTECTED]
Fat City Network Services-- 858-538-5051 http://www.fatcity.com
San Diego, California-- Mailing list and web hosting services
-
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
__
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com
--
Please see the official ORACLE-L FAQ: http://www.orafaq.net
--
Author: Chip
INET: [EMAIL PROTECTED]
Fat City Network Services-- 858-538-5051 http://www.fatcity.com
San Diego, California-- Mailing list and web hosting services
-
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
Re: installed users
hm, when I did the metalink search I got nothing -- what keyword did you use? sometimes it's all in the creativity of the search :) We did NOT create the databases at the time of install. at least, I don't think they did, it was done by a hosting company and the other dba (this is the person who let them install and create production databases at 9.2.0.2 when development was at 9.2.0.1!) Okay, but does CTXSYS *really* need DBA privs? off to check the notes... Thanks! --- Chip <[EMAIL PROTECTED]> wrote: > dbms_websearch.metalink => 234712.1 160861.1 131752.1 > > From 160861.1: > > MDSYS, ORDSYS, CTXSYS, and ORDPLUGINS are created to support Oracle > Intermedia. > > > Have Fun :) > > Jacques Kilchoer wrote: > > >ctxsys - intermedia text (the old Context text cartridge) > >ordsys - intermedia data types for storing of audio and video data > >mdsys - data types for storing of spatial data > > > >I think that in 9.0 and 9.2, by default those users are created with > expired and locked logins. > > > > > > > >>-Original Message- > >>From: Rachel Carmichael [mailto:[EMAIL PROTECTED] > >> > >>I've started a project to review all users in all our databases and > >>remove unused/unnecessary users or at the very least restrict the > >>privileges they have to the minimal ones they need. In several of > the > >>databases there are both ORDSYS and CTXSYS. From what I've > >>been able to > >>find out by running the above procedures, ORDSYS is for Intermedia. > I > >>could have sworn CTXSYS was the Intermedia account. So... is there > a > >>manual I've missed that tells me exactly which of these two I have > to > >>have in my databases and why? > >> > >>In addition, I know you have to install Spatial Option as part of > an > >>Oracle installation, even if you don't want to use it. Some of > these > >>databases also have the account MDSYS, some don't. All but one are > >>9iR2. We don't use Spatial. The two databases that have this > account > >>(8.1.7.4 and 9.2.0.2) both use Intermedia. Does that have something > to > >>do with it? I don't want to remove an account I need, but I don't > want > >>to leave ones I don't need in the databases. > >> > >>Let's not even begin to talk about the fact that just about EVERY > user > >>seems to have "unlimited tablespace" priv. > >> > >>This is not going to be pretty, easy or clean. But I will have > secure > >>databases. Except of course, every app has a configuration file in > >>which they hard-code the passwords. Sigh > >> > >> > > > > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.net > -- > Author: Chip > INET: [EMAIL PROTECTED] > > Fat City Network Services-- 858-538-5051 http://www.fatcity.com > San Diego, California-- Mailing list and web hosting services > - > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). __ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Rachel Carmichael INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: installed users
dbms_websearch.metalink => 234712.1 160861.1 131752.1 From 160861.1: MDSYS, ORDSYS, CTXSYS, and ORDPLUGINS are created to support Oracle Intermedia. Have Fun :) Jacques Kilchoer wrote: ctxsys - intermedia text (the old Context text cartridge) ordsys - intermedia data types for storing of audio and video data mdsys - data types for storing of spatial data I think that in 9.0 and 9.2, by default those users are created with expired and locked logins. -Original Message- From: Rachel Carmichael [mailto:[EMAIL PROTECTED] I've started a project to review all users in all our databases and remove unused/unnecessary users or at the very least restrict the privileges they have to the minimal ones they need. In several of the databases there are both ORDSYS and CTXSYS. From what I've been able to find out by running the above procedures, ORDSYS is for Intermedia. I could have sworn CTXSYS was the Intermedia account. So... is there a manual I've missed that tells me exactly which of these two I have to have in my databases and why? In addition, I know you have to install Spatial Option as part of an Oracle installation, even if you don't want to use it. Some of these databases also have the account MDSYS, some don't. All but one are 9iR2. We don't use Spatial. The two databases that have this account (8.1.7.4 and 9.2.0.2) both use Intermedia. Does that have something to do with it? I don't want to remove an account I need, but I don't want to leave ones I don't need in the databases. Let's not even begin to talk about the fact that just about EVERY user seems to have "unlimited tablespace" priv. This is not going to be pretty, easy or clean. But I will have secure databases. Except of course, every app has a configuration file in which they hard-code the passwords. Sigh -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Chip INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
listener newbie
hi i has configured my listener but if i try to ping i get the error: target host or object does not exist. means the server in the config the database name or the computername i run ora8 on w2000 server thx martin -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: pfeffer INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: DECODE AND SELECT
Oracle 8i (8.1.6+) PL/SQL can use execute immediate for SQL with searched CASE expressions. Have Fun :) Nuno Souto wrote: - Original Message - I am in urgent need of backporting oracle9i pl/sql to oracle8i.I have encountered some case satements like this CASE when x>0 then (select y from deptno) else (select Z from emp) end i need to convert them to decode statements.Can anybody tell me how to write a select statement within decode. You already got some suggestions. But if you're backporting from 9i to 8i, don't bother: 8i supports CASE happily. At least in SQL... Cheers Nuno Souto [EMAIL PROTECTED] -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Chip INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Oracle security question
Don Interesting web site. Well, I think you have enough information from us. Now it is just some detective work. The next subject you need to review is backup and recovery. Keep the information in those databases secure. Dennis Williams DBA, 80%OCP, 100% DBA Lifetouch, Inc. [EMAIL PROTECTED] -Original Message- Sent: Friday, July 11, 2003 5:14 PM To: Multiple recipients of list ORACLE-L Dennis Thank you very much. My data in that database is changed three times. The first is whole data being delete. The second is over ten thousands records being added. The third is whole data related to a month being deleted. I know my working environment is very complicated. For this report application, I write shell scripts and C/C++ program to parsing Apache web server access log file (www.welch.jhu.edu) in order to get client ip, access date, and host ip, which are associated with the special pattern as "ntlinktrack.cgi", which is associated with Library E-Book,E-Journal, and E-database. Then I need to schedule a solaris cron job to process access log daily and load parsed data into database. Also I create some log files for saving intermediate information from my program. Then I create some ColdFusion pages to post these results into website. In my database there are over million records. Oracle DBA is new duty for me since I had found that my data was missing. This is the reason I post my question on Oracle user group. Now I am trying to read as much as I can but I do not have much time. I want to make sure my database is secure as early as I can. So what do you think of my reason? Thank you very much! Don DENNIS WILLIAMS wrote: > Don > SYS is the owner of the Oracle dictionary tables. It is a username with > DBA privilege, so someone who logs in can change data. If you have changed > its password, then you are assured that nobody is using that username right > now. If you've changed its password, then I wouldn't worry about it right > now. > Since it sounds as if you are the only person that accesses this > database, then you may want to change the username that owns your tables. > Hopefully this username is not SYSTEM or SYS. > After that, unless you know of other usernames someone might use to > access your Oracle database, don't make any more security changes for > awhile. Go back to trying to figure out why your data is changing without > your changing it. It may well be there is an innocent reason that has > nothing to do with someone else. I've had that happen to me when I've > started using an unfamiliar system. > And don't forget to buy a good Oracle DBA book like the one I suggested. > > Dennis Williams > DBA, 80%OCP, 100% DBA > Lifetouch, Inc. > [EMAIL PROTECTED] > > > > -Original Message- > Sent: Friday, July 11, 2003 3:49 PM > To: Multiple recipients of list ORACLE-L > > Dennis: > > Thanks for your message. Now I have changed sys password by the following > command: > alter user sys identified by xxx > But when I try to login from sql plus window by using sys, I cannot > successfully > login. Also I get an error message. The message is something like > "connection to > sys should be as sysdba or sysoper". So my question is what sys for? > Thank you very much! > > Don > > DENNIS WILLIAMS wrote: > > > Don > >If only you can make updates to your Oracle database, then you must > enter > > all the data ;-) > >From the tone of your posting, I'm going to assume that you are pretty > > new to Oracle. You may want to get a good basic administration book like > > Oracle9i DBA 101. > > > http://www.amazon.com/exec/obidos/tg/detail/-/0072224746/qid=1057949734/sr=8 > > -1/ref=sr_8_1/104-2287688-5574335?v=glance&s=books&n=507846 > > It is also a good idea to always mention your Oracle version and platform > > (Unix, NT, etc.) in your posts. > > First, log in with the SYSTEM username. Then change the password for > SYSTEM > > and SYS with the command: > > ALTER USER SYSTEM IDENTIFIED BY x; > > Where x is your new password. > > You should be able to make these changes without affecting any end users. > > Next you should identify your groups of users and how they access Oracle. > > Basically you need to identify what their access requirements are and then > > audit the usernames they use to ensure the privileges granted are just > what > > is required. This is also a good time to see about changing passwords, but > > first buy the book and read up on the basics of Oracle security. > > > > Dennis Williams > > DBA, 80%OCP, 100% DBA > > Lifetouch, Inc. > > [EMAIL PROTECTED] > > > > -Original Message- > > Sent: Friday, July 11, 2003 2:45 PM > > To: Multiple recipients of list ORACLE-L > > > > Hi, > > > > I have a security question about Oracle database. Recently I have taken > > full control an Oracle database in my department. Now I would like to > > make sure that no other people except myself can update data in that > > database. Can somebody t
(no subject)
help -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: pfeffer INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: DECODE AND SELECT
- Original Message - > I am in urgent need of backporting oracle9i pl/sql to > oracle8i.I have encountered some case satements like > this > > CASE > when x>0 then (select y from deptno) > else > (select Z from emp) > end > > i need to convert them to decode statements.Can > anybody tell me how to write a select statement within > decode. You already got some suggestions. But if you're backporting from 9i to 8i, don't bother: 8i supports CASE happily. At least in SQL... Cheers Nuno Souto [EMAIL PROTECTED] -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Nuno Souto INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
