ODBC login as sysdba

What is the syntax? From a client desktop I can login to SQL Plus and Enterprise Manager 10g, but not via ODBC (Test Connection) using the same login.
SQL PLUS:
Start/Programs/Oracle - OraDb10g_home3/Application Development/SQL Plus
presents a login box. I enter info as follows, and login is successful
User Name: sys
Password: <mysyspwd>
Host String: ORCL AS SYSDBA
web site to Enterprise Manager also presents a login box
User Name: sys
Password: <mysyspwd>
Connect As <I select SYSDBA from the dropdown list.>
but, ODBC, System DSN tab, Add
Data Source Name: <whatever>
TNS Service Name: ORCL -- or ORCL AS SYSDBA
User ID: sys
Click Test Connection
Password: <mysyspwd>
When the TNS Service name is filled in with only the TNSname,
I get ORA-28009 connection to sys should be as sysdba or sysoper
When the TNS Service name is filled in with TNSname AS SYSDBA,
the error is ORA-12154 TNS:couldnot resolve the connect identifier specified.
When TNS Service name is ORCL and User Id is SYS AS SYSDBA,
the error is ORA-01017:invalid username/password;login denied
The dirver is Oracle in OraDB10g_home3 (10.01.00.02 SQORA32.DLL 2/10/2004)
And I can login via ODBC using
TNS Service Name: ORCL
User ID: scott
Click Test Connection button
Password: tiger
I get Connection successful
Thank you, Nancy
Edited by: user5699535 on Aug 16, 2010 7:29 AM

1 Both are dangerous, but using ODBC you can store the password of the account in the registry or odbc.ini. ODBC connections are usually being distributed to the end-users who don't have the faintest idea what they are doing. However, if they do know how to write a passthrough query, they can do anything.
2 Your database is open to everyone. You are exposing sensitive data. It is in hand of people who might know some SQL. Who might write incorrect queries. Who might doing things which can not be traced, as everything was executed by SYS.
The issue is most developers of commercial software vendors and major consultancies do not care about security at all. I was often instructed to grant the DBA role to the application owner, because otherwise 'the application doesn't work'. There are far more incompetent developers out there than you and I can imagine.
Connecting to the database as SYS, indicates a lack of concern for security, and being too lazy to find out what privileges are really required.
I'm not aware of any reason why the use of SYS should be allowed in any client tool other than sqlplus or maybe sqldeveloper.
Sybrand Bakker
Senior Oracle DBA

Similar Messages

  • Error while login as sysdba for creating a new db

    Hi DBAs,
    i need to create a new database base, so trying to login as sysdba after exporting <ORACLE_SID> and <ORACLE_HOME> and getting the following error, need your help urgently.
    SQL> conn / as sysdba
    exec(): 0509-036 Cannot load program oracleDBDOC because of the following errors:0509-150 Dependent module /data/oracle/product/10.2.0.3/lib/libjox10.a(shr.o) could not be loaded.
    0509-022 Cannot load module /data/oracle/product/10.2.0.3/lib/libjox10.a(shr.o)0509-026 System error: The file access permissions do not allow the specified action.
    Regards
    Asif

    I am not very sure about the error but it seems to some permission related error on oracle binaries. Can you check those permissions.
    Have you created pwd file for db ?
    Cheers

  • Could not login as sysdba after changing oracle sid

    I am using Oracle 10g on Windows. I am getting errors while performing cloning of database from cold backup ( just for leaning purpose).
    The problem is that when i set the ORACLE_SID=ORCL, then i can get login as sysdba but when i change the ORACLE_SID=clone, i get following error:
    ERROR:
    ORA-12560: TNS:protocol adapter error
    Also, I have created the password file using the following command:
    orapwd file=D:\ORACLE\product\10.2.0\db_1\database\PWDclone.ora password=xxxx

    Moazzam wrote:
    I am using Oracle 10g on Windows. I am getting errors while performing cloning of database from cold backup ( just for leaning purpose).
    The problem is that when i set the ORACLE_SID=ORCL, then i can get login as sysdba but when i change the ORACLE_SID=clone, i get following error:
    ERROR:
    ORA-12560: TNS:protocol adapter error
    Also, I have created the password file using the following command:
    orapwd file=D:\ORACLE\product\10.2.0\db_1\database\PWDclone.ora password=xxxxtry this,
    oradim -new -sid clone -intpwd oracle
    and login

  • Login as sysdba problem...

    Hi,
    I've created my own database to make tests on Oracle and directly after that I've changed the passwords for all the users (sys and system users included).
    When I try to login without the sysdba role, Oracle applies the password verification fine.
    The problem is when I try to login as sysdba:
    $> sqlplus 'sys as sysdba'
    I can enter whatever password I want and I'm connected !!!
    And it's the same if first I type:
    $> sqlplus /NOLOG
    SQL*Plus: Release 9.2.0.1.0 - Production on Wed May 7 13:21:44 2003
    Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
    SQL> connect sys as sysdba
    Could someone help me to find where It comes from and how I do solve this security hole...
    Thanks in advance
    Paul

    What's the OS? Are you signed on to the OS as a user in > the DBA group?I'm using a Debian 3.0 (Woody) operating system with a Linux 2.4.18 kernel
    I've got only one user which is a member of the DBA group and what I experienced, It's true, was only when I was logged as this user...
    Does it means that when a user is a member of the DBA group on the operating system, even if the remote_os_authent parameter is set to false, he can login with sys as sysdba as he wants trough sqlplus ?
    +++++++++++++++++++++++++++++++
    Original message:
    Hi,
    I've created my own database to make tests on Oracle and directly after that I've changed the passwords for all the users (sys and system users included).
    When I try to login without the sysdba role, Oracle applies the password verification fine.
    The problem is when I try to login as sysdba:
    $> sqlplus 'sys as sysdba'
    I can enter whatever password I want and I'm connected !!!
    And it's the same if first I type:
    $> sqlplus /NOLOG
    SQL*Plus: Release 9.2.0.1.0 - Production on Wed May 7 13:21:44 2003
    Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
    SQL> connect sys as sysdba
    Could someone help me to find where It comes from and how I do solve this security hole...
    Thanks in advance
    Paul
    +++++++++++++++++++++++++++++++

  • Login as sysdba for patch R12 problem

    Hi,
    I am trying to apply the patch 12.0.3 for R12.
    On of the items is to run a script under a SYSDBA user, however I am not able to login as Sysdba, also not the sys user.
    The scripts :
    SQL> select * from v$pwfile_users;
    no rows selected
    Seems that my passwordfile is missing ?
    Running orapwd gives me the following result :
    [root@linux12 bin]# ./orapwd file=$ORACLE_HOME/dbs/orapw password=manager entries=30
    Unable to find error file.
    Anybody can help me ?

    Yes it is ,see :
    [root@linux12 ~]# echo $PATH
    /oracle/VIS/apps/tech_st/10.1.3/perl/bin:/oracle/VIS/apps/tech_st/10.1.2/bin:
    /oracle/VIS/apps/apps_st/appl/fnd/12.0.0/bin:/oracle/VIS/apps/apps_st/appl/ad/12.0.0/bin:
    /oracle/VIS/apps/tech_st/10.1.3/appsutil/jdk/jre/bin:/oracle/VIS/apps/apps_st/comn/util/unzip/unzip/unzip-5.50::
    /oracle/VIS/apps/tech_st/10.1.2/bin:/usr/bin:/usr/ccs/bin:
    /usr/sbin:/oracle/VIS/apps/tech_st/10.1.3/bin:/oracle/VIS/inst/apps/VIS_linux12/ora/10.1.3/opmn/bin
    :/oracle/VIS/inst/apps/VIS_linux12/ora/10.1.3/Apache/Apache/bin:/oracle/VIS/apps/tech_st/10.1.3/Apache/Apache/bin:/oracle/VIS/apps/tech_st/10.1.3/oui/bin:/oracle/VIS/apps/tech_st/10.1.3/OPatch:/oracle/VIS/apps/tech_st/10.1.3/jdk/jre/bin:/oracle/VIS/apps/tech_st/10.1.3/perl/bin:/usr/bin:/usr/ccs/bin:/usr/sbin:/usr/lib/qt-3.3/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/oracle/VIS/apps/tech_st/10.1.3/appsutil/jdk/bin:/root/bin
    [root@linux12 ~]# path
    [root@linux12 ~]#

  • Issue encountered when Login as sysdba role using Thin Oracle JDBC Driver

    Hello all,
    we are now considering to use Thin oracle JDBC driver to create database in our project, but we met one issue when we tried to connect to oracle as sysdba role using Thin driver, and it throws java.sql.SQLException: Io Exception: SO Exception was generated, I have found some tips on oracle jdbc website and it says :
    How do I connect as SYSDBA or SYSOPER?
    The only way to do this is to use the Properties object when connecting, rather than specifying the username and password as strings. Put the username into the "user" property, and the password into the "password" property. Then, put the mode into the "internal_logon" property. Something like the following:
    Properties props = new Properties();
    props.put("user", "scott");
    props.put("password", "tiger");
    props.put("internal_logon", "sysoper");
    Connection conn = DriverManager.getConnection (url, props);
    When connecting as SYSDBA or SYSOPER using the Thin driver, the RDBMS must be configured to use a password file. See "Creating and Maintaining a Password File" in the "Oracle Database Administrator's Guide".
    So, i did execute orapwd command to create a password file and also set remote_login_passwordfile=execlusive in my initxxx.ora initial parameter file, however, when i tried to connect, it failed.
    private static void createEmsdbDatabase(){
    String url = "jdbc:oracle:thin:@localhost:1521:";
    StringBuffer sqlStatement = new StringBuffer();
    sqlStatement.append("create database xxx");
    sqlStatement.append("maxdatafiles 254 ");
    sqlStatement.append("maxinstances 8 ");
    sqlStatement.append("maxlogfiles 32 ");
    sqlStatement.append("character set UTF8 ");
    sqlStatement.append("national character set UTF8 ");
    sqlStatement.append("DATAFILE 'c:\\oracle\\xxx\\system01.dbf' SIZE 18M REUSE ");
    sqlStatement.append("logfile 'c:\\oracle\\xxx\\redo01.log' SIZE 2M REUSE, ");
    sqlStatement.append("'c:\\oracle\\xxx\\redo02.log' SIZE 2M REUSE, ");
    sqlStatement.append("'c:\\oracle\\xxx\\redo03.log' SIZE 2M REUSE ");
    try {
    DriverManager.registerDriver(new OracleDriver());
    Properties props = new Properties();
    props.put("user", "sys");
    props.put("password", "password");
    props.put("database","xxx");
    props.put("internal_logon", "sysdba");
    Connection conn = DriverManager.getConnection(url, props);
    Statement statement = conn.createStatement();
    statement.executeUpdate(sqlStatement.toString());
    statement.close();
    conn.close();
    } catch (SQLException e) {
    e.printStackTrace();
    But what made me puzzled a lot is if i use OCI driver, it did work great, why??? guys, anybody knows, please give me some tips, thanks in advance.
    regards,
    Kaixuan @ Shanghai

    clarify my question in detail:
    Step 1 : create password file using orapwd command
    Step 2 : create database instance using oradim command
    Step 3 : login using sys as sysdba to startup database, e.g startup nomount pfile='...\initxxx.ora'
    Step 4 : create database.
    java code showing below:
    private static void createEmsdbDatabase(){
    String url = "jdbc:oracle:thin:@localhost:1521:";
    StringBuffer sqlStatement = new StringBuffer();
    sqlStatement.append("create database xxx ");
    sqlStatement.append("maxdatafiles 254 ");
    sqlStatement.append("maxinstances 8 ");
    sqlStatement.append("maxlogfiles 32 ");
    sqlStatement.append("character set UTF8 ");
    sqlStatement.append("national character set UTF8 ");
    sqlStatement.append("DATAFILE 'c:\\oracle\\xxx\\system01.dbf' SIZE 18M REUSE ");
    sqlStatement.append("logfile 'c:\\oracle\\xxx\\redo01.log' SIZE 2M REUSE, ");
    sqlStatement.append("'c:\\oracle\\xxx\\redo02.log' SIZE 2M REUSE, ");
    sqlStatement.append("'c:\\oracle\\xxx\\redo03.log' SIZE 2M REUSE ");
    try {
    DriverManager.registerDriver(new OracleDriver());
    Properties props = new Properties();
    props.put("user", "sys");
    props.put("password", "password");
    props.put("database","xxx");
    props.put("internal_logon", "sysdba");
    Connection conn = DriverManager.getConnection(url, props);
    Statement statement = conn.createStatement();
    statement.executeUpdate(sqlStatement.toString());
    statement.close();
    conn.close();
    } catch (SQLException e) {
    e.printStackTrace();
    issue was met here, when i tried to login as sysdba using sys, and in my java code, i use Thin driver, it then thrus exception, but when OCI driver is used, it works great, i don't know why.
    that is, when i use "jdbc:oracle:oci8:@" as database URL and then properties.put("database","xxx"), it works great. but, when i use "jdbc:oracle:thin:@localhost:1521:" as database URL and then properties.put("database","xxx"), it failed. hopefully, i have clarified my question clearly. thanks.

  • ORA-01031:  when login as sysdba

    We have Oracle 11.2 on Redhat 5.6. on the server box, I can login as sysdba by doing sqlplus / as sysdbaBut failed when I do sqlplus sys/****@cchdev as sysdba
    ERROR:
    ORA-01031: insufficient privileges or In sqlplus conn sys/****@cchdev as sysdba
    ERROR:
    ORA-01031: insufficient privilegesI suspect the password is wrong, then I changed password. But I got the same error when using new password.
    I could login all three way above last time. WHat is wrong?

    Here is the result od env|sort[oracle@cchORdev1 ~]$ env|sort
    BI_CONFIG_DIR=/u01/app/obiee/server/Config
    _=/bin/env
    BI_OC4J_DIR=/u01/app/obiee/oc4j_bi
    BI_RPD_DIR=/u01/app/obiee/server/Repository
    CLASSPATH=/u01/app/oracle/product/11.2.0/dbhome_1/JRE:/u01/app/oracle/product/11.2.0/dbhome_1/jlib:/u01/app/oracle/product/11.2.0/dbhome_1/rdbms/jlib
    CVS_RSH=ssh
    G_BROKEN_FILENAMES=1
    HISTSIZE=1000
    HOME=/home/oracle
    HOSTNAME=cchORdev1
    INPUTRC=/etc/inputrc
    KDEDIR=/usr
    KDE_IS_PRELINKED=1
    KDE_NO_IPV6=1
    LANG=en_US.UTF-8
    LD_LIBRARY_PATH=/u01/app/oracle/product/11.2.0/dbhome_1/lib:/lib:/usr/lib
    LESSOPEN=|/usr/bin/lesspipe.sh %s
    LOGNAME=oracle
    LS_COLORS=no=00:fi=00:di=00;34:ln=00;36:pi=40;33:so=00;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=00;32:*.cmd=00;32:*.exe=00;32:*.com=00;32:*.btm=00;32:*.bat=00;32:*.sh=00;32:*.csh=00;32:*.tar=00;31:*.tgz=00;31:*.arj=00;31:*.taz=00;31:*.lzh=00;31:*.zip=00;31:*.z=00;31:*.Z=00;31:*.gz=00;31:*.bz2=00;31:*.bz=00;31:*.tz=00;31:*.rpm=00;31:*.cpio=00;31:*.jpg=00;35:*.gif=00;35:*.bmp=00;35:*.xbm=00;35:*.xpm=00;35:*.png=00;35:*.tif=00;35:
    MAIL=/var/spool/mail/oracle
    OBI_BASE=/u01/app/obiee/
    OBI_PRESENTATION_CONFIG=/u01/app/obiee//web/config
    ORA_ALERT_DIR=/var/oracle/diag/rdbms/cchdev/CCHDEV/trace
    ORA_BI_HOME=/u01/app/obiee
    ORACLE_BASE=/u01/app/oracle
    ORACLE_HOME=/u01/app/oracle/product/11.2.0/dbhome_1
    ORACLE_SID=cchdev
    ORACLE_TERM=xterm
    ORA_DUMP_DIR=/u05/oracle/dpdump
    PATH=/u01/app/oracle/product/11.2.0/dbhome_1/bin:/sbin:/usr/sbin:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/home/oracle/bin:/u01/app/oracle/product/11.2.0/dbhome_1/jdk/bin
    PWD=/home/oracle
    SHELL=/bin/bash
    SHLVL=1
    SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
    SSH_CLIENT=10.2.0.54 6032 22
    SSH_CONNECTION=10.2.0.54 6032 10.2.0.200 22
    SSH_TTY=/dev/pts/1
    TERM=xterm
    TMPDIR=/tmp
    TMP=/tmp
    TNS_ADMIN=/u01/app/oracle/product/11.2.0/dbhome_1/network/admin
    USER=oracle
    [oracle@cchORdev1 ~]$Edited by: user623617 on Apr 16, 2010 12:11 PM

  • Unable to login as sysdba after installing ODAC and Oracle developer tools

    Hi..I was able to login with
    sqlplus / as sysdba and unlock scott account.
    I then installed ODAC and now when i try to login as sysdba i get Insufficient privileges error.
    also tried sys/password , sys/change_on_install, system/manager but no luck.
    Please help.I am using a desktop and logged in as an administrator.

    989994 wrote:
    Hi..I was able to login with
    sqlplus / as sysdba and unlock scott account.
    I then installed ODAC and now when i try to login as sysdba i get Insufficient privileges error.
    also tried sys/password , sys/change_on_install, system/manager but no luck.
    Please help.I am using a desktop and logged in as an administrator.I think we are missing some information here. Are you trying to connect via Server Explorer?
    If so, you need to choose the drop down box and set it to "SYSDBA".

  • SQL Server Expres 2008R2 on Windows 7 peer to peer network using MS Access to connect - ODBC Login Timeout

    Hello,
    I have had a Microsoft Access database that was running on Windows XP against a SQL Server 2000 database.  We are running on a peer to peer network.  This all worked fine.  Recently I upgraded all the systems to Windows 7 and the Access database
    to Office 2013 and setup SQL Server Express 2008R2.  I am running into strange problems trying to connect the access database to SQL Server Express.
    SQL Server Express was setup with mixed authentication mode. 
    What is strange to me is that if I run the Access database on the same server as SQL Server Express 2008R2, everything works fine. However, if I run the Access database from a separate system (Windows usernames and passwords are identical on all systems
    for all accounts).  I get a spinning circle, then after 5 minutes or so I get an error box that says "Connection Failed SQL State S1-T00 - ODBC Login Timeout Expired.
    I click OK and then there is a ODBC login box,  It has trusted connection  box checked.  So, I just click ok and everything runs fine.
    I have checked with the Access database the ODBC connection string (How do you change this to imbed a username and pwd?) and the connection specifies that trustedconnection = yes.
    I have tried setting the odbc connection up to use a SQL Account, I have setup all of the security in SQL so that Windows accounts have access and either works on the system that is hosting the SQL database.  But when I try to connect from a separate
    machine we have to wait with the timeout and then click okay.
    Any Ideas.
    Thank you!!!

    I have TCP/IP and named pipes.
    I will take a look at the kb article.
    What puzzles me is that odbc connection is set for trusted connection, the access database is set for trusted connection.  But yet it seems that it wants to do a SQL authentication.  Then it fails, and then if you simply hit okay to do the Trusted
    Connection then it is fine.
    I will read about setting the UID and PWD in code.  Been a long time since I have done that, but very doable.  Then see if the Access DB is setup with the UID and Pwd in the odbc connection string, then switch the odbc connection to be a SQL Server
    connect, then maybe it will work..  Crossing my fingers.
    I will be back on site next week and will give it a try then.
    I will check the ports, but suspect they are fine as it works fine after it has it timed out and you hit okay to connect with a trusted connection.
    Thanks for your ideas.

  • Why does more users can login as sysdba than specified in password file

    I have multiple databases using same password file which has five entries for sysdba, but i have more than five users who have sysdba right and all of them can simultaneously login as sysdba, can any one explain why

    How do your users connect ? You may have any number of users connected locally as sysdba. Local connections are authenticated by OS, no password file is used.
    Moreover, the five entries of password file have to be intended as DISTINCT users, but you may have a much higher number of connections.

  • Database Login - Can not login as sysdba

    I have a userid for a database on a separate server. I can login as sysdba on the server with the database and from the OEM server. I can not login as sysdba from OEM. Is there a change that needs to be made to the password file or does there need to be password file on the OEM repository server?

    What do you mean with OEM server here? Centralized gridcontrol server? That's a different concept, you connect to a specific administration user (often SYSMAN), 'sysdba' is not applicable here. Otherwise a server, which hosts a standalone DBConsole is not different from any other database server.
    Werner

  • Disable login as sysdba without password

    Hi,
    we are hosting our environment externally with a hosting company and wanted to know if there was anyway of disabling (from within the database) login "/ as sysdba" without having to provide a password.
    The scenario we are trying to avoid is a malicious OS administrator putting themselves into the dba/ora_dba group and then setting the sqlnet.ora parameter SQLNET.AUTHENTICATION_SERVICES = (NTS) and then being able to login to the database without out having to provide a password and being able to view very sensitive data??
    any help much appreciated.

    It sounds like you have a managed hosting company. You need to discuss with the hosting company what types of access they need in order to perform their management functions and limit the admins at the hosting company to an account that does not allow them to add them selves to the dba/ora_dba group or perform any other functions that you do not wish them to perform.

  • How can i find out how many users can login as sysdba using password file

    can any one please tell me how can i find out how many users can login as sysdba using password file
    please reply
    asif

    SYS@db102 SQL> select * from v$pwfile_users;
    USERNAME                       SYSDB SYSOP
    SYS                            TRUE  TRUE
    SYS@db102 SQL>                                  

  • Only able to login as sysdba?

    I just installed 11g2 on Redhat 5. I logged in using sqlplus as follows:
    $sqlplus sys/abcabc as sysdba
    I created a user as follows:
    sqlplus> create user "xyz"
    profile "DEFAULT"
    identified by "abcabc"
    default tablespace "MYTAB"
    temporary tablespace "TEMP"
    account unlock;
    sqlplus> grant dba to "xyz"
    sqlplus> commit;
    sqlplus reported user created and dba granted. No errors were repored by sqlplus.
    Now when I try to login as follows:
    $sqlplus xyz/abcabc
    I get a login prompt again and after 3 retries, I'm kicked out.
    BUT, if I login as follows:
    $sqlplus xyz/abcabc as sysdba
    I get logged in.
    What could be the problem? I've followed the exact same procedure for creating a user many times before and it always worked. What is different this time that I need to login as sysdba?
    Thanks

    sb92075 wrote:
    Aman.... wrote:
    Not sure how it worked for you in the past but its not a good way to create usernames and passwords.
    Aman....different version behave differently regarding usernames & passwordsYep, just noticed that OP is using 11.2 which has case-sensitive passwords .
    Aman....

  • Cannot login as sysdba in Oracle Enterprise Management Console

    Hi,
    I have recently installed Oracle 9.2.0.4 in Red Hat Linux 9.
    I ran "oemapp console" to launch the Oracle Enterprise Manager Console Standalone. However, everytime I tried to login as:
    user: sys
    password: <sys password>
    connect as: sysdba
    I always get ORA-01031: insufficient privileges.
    The Oracle database where I cannot connect as sysdba in OEM was created MANUALLY.
    However, I can successfully login to OEM as sysdba if the database was created using Database Configuration Assistant...
    So I might have missed out some configurations when I creasted the database MANUALLY...
    any ideas??
    Thanks in Advance
    Regards
    Prasanna

    Hi there once more,
    Of course it is possible that user system has the same problems as user sys (insufficient privs)....
    In that case try to log on as internal/pwd@dbname as sysdba to perform the trick.
    Good luck!
    Regards,
    Georges.

Maybe you are looking for