Database Administrator Authentication
The database is not always available to authenticate a database administrator, such as when it is
down because of an unplanned outage or for an offline database backup. To address this situation,
Oracle uses a password file to maintain a list of database users who are allowed to perform
functions such as starting up and shutting down the database, initiating backups, and so forth.
Alternatively, a database administrator can use operating system authentication, which we
discuss in the next section. The flow chart shown in Figure 9-1 identifies the options for a database
administrator when deciding what method will work the best in their environment.
FIGURE 9-1 Authentication method flowchart
Chapter 9: Database Security and Auditing 281
For connecting locally to the server, the main consideration is the convenience of using the
same account for both the operating system and the Oracle server versus maintaining a password
file. For a remote administrator, the security of the connection is the driving factor when choosing
an authentication method. Without a secure connection, a hacker could easily impersonate a user
with the same account as that of an administrator on the server itself and gain full access to the
database with OS authentication.
NOTE
When using a password file for authentication, ensure that the
password file itself is in a directory location that is only accessible
by the operating system administrators and the user or group that
owns the Oracle software installation.
Pages:
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475