ODBC login as sysdba
What is the syntax? From a client desktop I can login to SQL Plus and Enterprise Manager 10g, but not via ODBC (Test Connection) using the same login.
SQL PLUS:
Start/Programs/Oracle - OraDb10g_home3/Application Development/SQL Plus
presents a login box. I enter info as follows, and login is successful
User Name: sys
Password: <mysyspwd>
Host String: ORCL AS SYSDBA
web site to Enterprise Manager also presents a login box
User Name: sys
Password: <mysyspwd>
Connect As <I select SYSDBA from the dropdown list.>
but, ODBC, System DSN tab, Add
Data Source Name: <whatever>
TNS Service Name: ORCL -- or ORCL AS SYSDBA
User ID: sys
Click Test Connection
Password: <mysyspwd>
When the TNS Service name is filled in with only the TNSname,
I get ORA-28009 connection to sys should be as sysdba or sysoper
When the TNS Service name is filled in with TNSname AS SYSDBA,
the error is ORA-12154 TNS:couldnot resolve the connect identifier specified.
When TNS Service name is ORCL and User Id is SYS AS SYSDBA,
the error is ORA-01017:invalid username/password;login denied
The dirver is Oracle in OraDB10g_home3 (10.01.00.02 SQORA32.DLL 2/10/2004)
And I can login via ODBC using
TNS Service Name: ORCL
User ID: scott
Click Test Connection button
Password: tiger
I get Connection successful
Thank you, Nancy
Edited by: user5699535 on Aug 16, 2010 7:29 AM
1 Both are dangerous, but using ODBC you can store the password of the account in the registry or odbc.ini. ODBC connections are usually being distributed to the end-users who don't have the faintest idea what they are doing. However, if they do know how to write a passthrough query, they can do anything.
2 Your database is open to everyone. You are exposing sensitive data. It is in hand of people who might know some SQL. Who might write incorrect queries. Who might doing things which can not be traced, as everything was executed by SYS.
The issue is most developers of commercial software vendors and major consultancies do not care about security at all. I was often instructed to grant the DBA role to the application owner, because otherwise 'the application doesn't work'. There are far more incompetent developers out there than you and I can imagine.
Connecting to the database as SYS, indicates a lack of concern for security, and being too lazy to find out what privileges are really required.
I'm not aware of any reason why the use of SYS should be allowed in any client tool other than sqlplus or maybe sqldeveloper.
Sybrand Bakker
Senior Oracle DBA
Similar Messages
-
Error while login as sysdba for creating a new db
Hi DBAs,
i need to create a new database base, so trying to login as sysdba after exporting <ORACLE_SID> and <ORACLE_HOME> and getting the following error, need your help urgently.
SQL> conn / as sysdba
exec(): 0509-036 Cannot load program oracleDBDOC because of the following errors:0509-150 Dependent module /data/oracle/product/10.2.0.3/lib/libjox10.a(shr.o) could not be loaded.
0509-022 Cannot load module /data/oracle/product/10.2.0.3/lib/libjox10.a(shr.o)0509-026 System error: The file access permissions do not allow the specified action.
Regards
AsifI am not very sure about the error but it seems to some permission related error on oracle binaries. Can you check those permissions.
Have you created pwd file for db ?
Cheers -
Could not login as sysdba after changing oracle sid
I am using Oracle 10g on Windows. I am getting errors while performing cloning of database from cold backup ( just for leaning purpose).
The problem is that when i set the ORACLE_SID=ORCL, then i can get login as sysdba but when i change the ORACLE_SID=clone, i get following error:
ERROR:
ORA-12560: TNS:protocol adapter error
Also, I have created the password file using the following command:
orapwd file=D:\ORACLE\product\10.2.0\db_1\database\PWDclone.ora password=xxxxMoazzam wrote:
I am using Oracle 10g on Windows. I am getting errors while performing cloning of database from cold backup ( just for leaning purpose).
The problem is that when i set the ORACLE_SID=ORCL, then i can get login as sysdba but when i change the ORACLE_SID=clone, i get following error:
ERROR:
ORA-12560: TNS:protocol adapter error
Also, I have created the password file using the following command:
orapwd file=D:\ORACLE\product\10.2.0\db_1\database\PWDclone.ora password=xxxxtry this,
oradim -new -sid clone -intpwd oracle
and login -
Login as sysdba problem...
Hi,
I've created my own database to make tests on Oracle and directly after that I've changed the passwords for all the users (sys and system users included).
When I try to login without the sysdba role, Oracle applies the password verification fine.
The problem is when I try to login as sysdba:
$> sqlplus 'sys as sysdba'
I can enter whatever password I want and I'm connected !!!
And it's the same if first I type:
$> sqlplus /NOLOG
SQL*Plus: Release 9.2.0.1.0 - Production on Wed May 7 13:21:44 2003
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
SQL> connect sys as sysdba
Could someone help me to find where It comes from and how I do solve this security hole...
Thanks in advance
PaulWhat's the OS? Are you signed on to the OS as a user in > the DBA group?I'm using a Debian 3.0 (Woody) operating system with a Linux 2.4.18 kernel
I've got only one user which is a member of the DBA group and what I experienced, It's true, was only when I was logged as this user...
Does it means that when a user is a member of the DBA group on the operating system, even if the remote_os_authent parameter is set to false, he can login with sys as sysdba as he wants trough sqlplus ?
+++++++++++++++++++++++++++++++
Original message:
Hi,
I've created my own database to make tests on Oracle and directly after that I've changed the passwords for all the users (sys and system users included).
When I try to login without the sysdba role, Oracle applies the password verification fine.
The problem is when I try to login as sysdba:
$> sqlplus 'sys as sysdba'
I can enter whatever password I want and I'm connected !!!
And it's the same if first I type:
$> sqlplus /NOLOG
SQL*Plus: Release 9.2.0.1.0 - Production on Wed May 7 13:21:44 2003
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
SQL> connect sys as sysdba
Could someone help me to find where It comes from and how I do solve this security hole...
Thanks in advance
Paul
+++++++++++++++++++++++++++++++ -
Login as sysdba for patch R12 problem
Hi,
I am trying to apply the patch 12.0.3 for R12.
On of the items is to run a script under a SYSDBA user, however I am not able to login as Sysdba, also not the sys user.
The scripts :
SQL> select * from v$pwfile_users;
no rows selected
Seems that my passwordfile is missing ?
Running orapwd gives me the following result :
[root@linux12 bin]# ./orapwd file=$ORACLE_HOME/dbs/orapw password=manager entries=30
Unable to find error file.
Anybody can help me ?Yes it is ,see :
[root@linux12 ~]# echo $PATH
/oracle/VIS/apps/tech_st/10.1.3/perl/bin:/oracle/VIS/apps/tech_st/10.1.2/bin:
/oracle/VIS/apps/apps_st/appl/fnd/12.0.0/bin:/oracle/VIS/apps/apps_st/appl/ad/12.0.0/bin:
/oracle/VIS/apps/tech_st/10.1.3/appsutil/jdk/jre/bin:/oracle/VIS/apps/apps_st/comn/util/unzip/unzip/unzip-5.50::
/oracle/VIS/apps/tech_st/10.1.2/bin:/usr/bin:/usr/ccs/bin:
/usr/sbin:/oracle/VIS/apps/tech_st/10.1.3/bin:/oracle/VIS/inst/apps/VIS_linux12/ora/10.1.3/opmn/bin
:/oracle/VIS/inst/apps/VIS_linux12/ora/10.1.3/Apache/Apache/bin:/oracle/VIS/apps/tech_st/10.1.3/Apache/Apache/bin:/oracle/VIS/apps/tech_st/10.1.3/oui/bin:/oracle/VIS/apps/tech_st/10.1.3/OPatch:/oracle/VIS/apps/tech_st/10.1.3/jdk/jre/bin:/oracle/VIS/apps/tech_st/10.1.3/perl/bin:/usr/bin:/usr/ccs/bin:/usr/sbin:/usr/lib/qt-3.3/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/oracle/VIS/apps/tech_st/10.1.3/appsutil/jdk/bin:/root/bin
[root@linux12 ~]# path
[root@linux12 ~]# -
Issue encountered when Login as sysdba role using Thin Oracle JDBC Driver
Hello all,
we are now considering to use Thin oracle JDBC driver to create database in our project, but we met one issue when we tried to connect to oracle as sysdba role using Thin driver, and it throws java.sql.SQLException: Io Exception: SO Exception was generated, I have found some tips on oracle jdbc website and it says :
How do I connect as SYSDBA or SYSOPER?
The only way to do this is to use the Properties object when connecting, rather than specifying the username and password as strings. Put the username into the "user" property, and the password into the "password" property. Then, put the mode into the "internal_logon" property. Something like the following:
Properties props = new Properties();
props.put("user", "scott");
props.put("password", "tiger");
props.put("internal_logon", "sysoper");
Connection conn = DriverManager.getConnection (url, props);
When connecting as SYSDBA or SYSOPER using the Thin driver, the RDBMS must be configured to use a password file. See "Creating and Maintaining a Password File" in the "Oracle Database Administrator's Guide".
So, i did execute orapwd command to create a password file and also set remote_login_passwordfile=execlusive in my initxxx.ora initial parameter file, however, when i tried to connect, it failed.
private static void createEmsdbDatabase(){
String url = "jdbc:oracle:thin:@localhost:1521:";
StringBuffer sqlStatement = new StringBuffer();
sqlStatement.append("create database xxx");
sqlStatement.append("maxdatafiles 254 ");
sqlStatement.append("maxinstances 8 ");
sqlStatement.append("maxlogfiles 32 ");
sqlStatement.append("character set UTF8 ");
sqlStatement.append("national character set UTF8 ");
sqlStatement.append("DATAFILE 'c:\\oracle\\xxx\\system01.dbf' SIZE 18M REUSE ");
sqlStatement.append("logfile 'c:\\oracle\\xxx\\redo01.log' SIZE 2M REUSE, ");
sqlStatement.append("'c:\\oracle\\xxx\\redo02.log' SIZE 2M REUSE, ");
sqlStatement.append("'c:\\oracle\\xxx\\redo03.log' SIZE 2M REUSE ");
try {
DriverManager.registerDriver(new OracleDriver());
Properties props = new Properties();
props.put("user", "sys");
props.put("password", "password");
props.put("database","xxx");
props.put("internal_logon", "sysdba");
Connection conn = DriverManager.getConnection(url, props);
Statement statement = conn.createStatement();
statement.executeUpdate(sqlStatement.toString());
statement.close();
conn.close();
} catch (SQLException e) {
e.printStackTrace();
But what made me puzzled a lot is if i use OCI driver, it did work great, why??? guys, anybody knows, please give me some tips, thanks in advance.
regards,
Kaixuan @ Shanghaiclarify my question in detail:
Step 1 : create password file using orapwd command
Step 2 : create database instance using oradim command
Step 3 : login using sys as sysdba to startup database, e.g startup nomount pfile='...\initxxx.ora'
Step 4 : create database.
java code showing below:
private static void createEmsdbDatabase(){
String url = "jdbc:oracle:thin:@localhost:1521:";
StringBuffer sqlStatement = new StringBuffer();
sqlStatement.append("create database xxx ");
sqlStatement.append("maxdatafiles 254 ");
sqlStatement.append("maxinstances 8 ");
sqlStatement.append("maxlogfiles 32 ");
sqlStatement.append("character set UTF8 ");
sqlStatement.append("national character set UTF8 ");
sqlStatement.append("DATAFILE 'c:\\oracle\\xxx\\system01.dbf' SIZE 18M REUSE ");
sqlStatement.append("logfile 'c:\\oracle\\xxx\\redo01.log' SIZE 2M REUSE, ");
sqlStatement.append("'c:\\oracle\\xxx\\redo02.log' SIZE 2M REUSE, ");
sqlStatement.append("'c:\\oracle\\xxx\\redo03.log' SIZE 2M REUSE ");
try {
DriverManager.registerDriver(new OracleDriver());
Properties props = new Properties();
props.put("user", "sys");
props.put("password", "password");
props.put("database","xxx");
props.put("internal_logon", "sysdba");
Connection conn = DriverManager.getConnection(url, props);
Statement statement = conn.createStatement();
statement.executeUpdate(sqlStatement.toString());
statement.close();
conn.close();
} catch (SQLException e) {
e.printStackTrace();
issue was met here, when i tried to login as sysdba using sys, and in my java code, i use Thin driver, it then thrus exception, but when OCI driver is used, it works great, i don't know why.
that is, when i use "jdbc:oracle:oci8:@" as database URL and then properties.put("database","xxx"), it works great. but, when i use "jdbc:oracle:thin:@localhost:1521:" as database URL and then properties.put("database","xxx"), it failed. hopefully, i have clarified my question clearly. thanks. -
ORA-01031: when login as sysdba
We have Oracle 11.2 on Redhat 5.6. on the server box, I can login as sysdba by doing sqlplus / as sysdbaBut failed when I do sqlplus sys/****@cchdev as sysdba
ERROR:
ORA-01031: insufficient privileges or In sqlplus conn sys/****@cchdev as sysdba
ERROR:
ORA-01031: insufficient privilegesI suspect the password is wrong, then I changed password. But I got the same error when using new password.
I could login all three way above last time. WHat is wrong?Here is the result od env|sort[oracle@cchORdev1 ~]$ env|sort
BI_CONFIG_DIR=/u01/app/obiee/server/Config
_=/bin/env
BI_OC4J_DIR=/u01/app/obiee/oc4j_bi
BI_RPD_DIR=/u01/app/obiee/server/Repository
CLASSPATH=/u01/app/oracle/product/11.2.0/dbhome_1/JRE:/u01/app/oracle/product/11.2.0/dbhome_1/jlib:/u01/app/oracle/product/11.2.0/dbhome_1/rdbms/jlib
CVS_RSH=ssh
G_BROKEN_FILENAMES=1
HISTSIZE=1000
HOME=/home/oracle
HOSTNAME=cchORdev1
INPUTRC=/etc/inputrc
KDEDIR=/usr
KDE_IS_PRELINKED=1
KDE_NO_IPV6=1
LANG=en_US.UTF-8
LD_LIBRARY_PATH=/u01/app/oracle/product/11.2.0/dbhome_1/lib:/lib:/usr/lib
LESSOPEN=|/usr/bin/lesspipe.sh %s
LOGNAME=oracle
LS_COLORS=no=00:fi=00:di=00;34:ln=00;36:pi=40;33:so=00;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=00;32:*.cmd=00;32:*.exe=00;32:*.com=00;32:*.btm=00;32:*.bat=00;32:*.sh=00;32:*.csh=00;32:*.tar=00;31:*.tgz=00;31:*.arj=00;31:*.taz=00;31:*.lzh=00;31:*.zip=00;31:*.z=00;31:*.Z=00;31:*.gz=00;31:*.bz2=00;31:*.bz=00;31:*.tz=00;31:*.rpm=00;31:*.cpio=00;31:*.jpg=00;35:*.gif=00;35:*.bmp=00;35:*.xbm=00;35:*.xpm=00;35:*.png=00;35:*.tif=00;35:
MAIL=/var/spool/mail/oracle
OBI_BASE=/u01/app/obiee/
OBI_PRESENTATION_CONFIG=/u01/app/obiee//web/config
ORA_ALERT_DIR=/var/oracle/diag/rdbms/cchdev/CCHDEV/trace
ORA_BI_HOME=/u01/app/obiee
ORACLE_BASE=/u01/app/oracle
ORACLE_HOME=/u01/app/oracle/product/11.2.0/dbhome_1
ORACLE_SID=cchdev
ORACLE_TERM=xterm
ORA_DUMP_DIR=/u05/oracle/dpdump
PATH=/u01/app/oracle/product/11.2.0/dbhome_1/bin:/sbin:/usr/sbin:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/home/oracle/bin:/u01/app/oracle/product/11.2.0/dbhome_1/jdk/bin
PWD=/home/oracle
SHELL=/bin/bash
SHLVL=1
SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
SSH_CLIENT=10.2.0.54 6032 22
SSH_CONNECTION=10.2.0.54 6032 10.2.0.200 22
SSH_TTY=/dev/pts/1
TERM=xterm
TMPDIR=/tmp
TMP=/tmp
TNS_ADMIN=/u01/app/oracle/product/11.2.0/dbhome_1/network/admin
USER=oracle
[oracle@cchORdev1 ~]$Edited by: user623617 on Apr 16, 2010 12:11 PM -
Unable to login as sysdba after installing ODAC and Oracle developer tools
Hi..I was able to login with
sqlplus / as sysdba and unlock scott account.
I then installed ODAC and now when i try to login as sysdba i get Insufficient privileges error.
also tried sys/password , sys/change_on_install, system/manager but no luck.
Please help.I am using a desktop and logged in as an administrator.989994 wrote:
Hi..I was able to login with
sqlplus / as sysdba and unlock scott account.
I then installed ODAC and now when i try to login as sysdba i get Insufficient privileges error.
also tried sys/password , sys/change_on_install, system/manager but no luck.
Please help.I am using a desktop and logged in as an administrator.I think we are missing some information here. Are you trying to connect via Server Explorer?
If so, you need to choose the drop down box and set it to "SYSDBA". -
Hello,
I have had a Microsoft Access database that was running on Windows XP against a SQL Server 2000 database. We are running on a peer to peer network. This all worked fine. Recently I upgraded all the systems to Windows 7 and the Access database
to Office 2013 and setup SQL Server Express 2008R2. I am running into strange problems trying to connect the access database to SQL Server Express.
SQL Server Express was setup with mixed authentication mode.
What is strange to me is that if I run the Access database on the same server as SQL Server Express 2008R2, everything works fine. However, if I run the Access database from a separate system (Windows usernames and passwords are identical on all systems
for all accounts). I get a spinning circle, then after 5 minutes or so I get an error box that says "Connection Failed SQL State S1-T00 - ODBC Login Timeout Expired.
I click OK and then there is a ODBC login box, It has trusted connection box checked. So, I just click ok and everything runs fine.
I have checked with the Access database the ODBC connection string (How do you change this to imbed a username and pwd?) and the connection specifies that trustedconnection = yes.
I have tried setting the odbc connection up to use a SQL Account, I have setup all of the security in SQL so that Windows accounts have access and either works on the system that is hosting the SQL database. But when I try to connect from a separate
machine we have to wait with the timeout and then click okay.
Any Ideas.
Thank you!!!I have TCP/IP and named pipes.
I will take a look at the kb article.
What puzzles me is that odbc connection is set for trusted connection, the access database is set for trusted connection. But yet it seems that it wants to do a SQL authentication. Then it fails, and then if you simply hit okay to do the Trusted
Connection then it is fine.
I will read about setting the UID and PWD in code. Been a long time since I have done that, but very doable. Then see if the Access DB is setup with the UID and Pwd in the odbc connection string, then switch the odbc connection to be a SQL Server
connect, then maybe it will work.. Crossing my fingers.
I will be back on site next week and will give it a try then.
I will check the ports, but suspect they are fine as it works fine after it has it timed out and you hit okay to connect with a trusted connection.
Thanks for your ideas. -
Why does more users can login as sysdba than specified in password file
I have multiple databases using same password file which has five entries for sysdba, but i have more than five users who have sysdba right and all of them can simultaneously login as sysdba, can any one explain why
How do your users connect ? You may have any number of users connected locally as sysdba. Local connections are authenticated by OS, no password file is used.
Moreover, the five entries of password file have to be intended as DISTINCT users, but you may have a much higher number of connections. -
Database Login - Can not login as sysdba
I have a userid for a database on a separate server. I can login as sysdba on the server with the database and from the OEM server. I can not login as sysdba from OEM. Is there a change that needs to be made to the password file or does there need to be password file on the OEM repository server?
What do you mean with OEM server here? Centralized gridcontrol server? That's a different concept, you connect to a specific administration user (often SYSMAN), 'sysdba' is not applicable here. Otherwise a server, which hosts a standalone DBConsole is not different from any other database server.
Werner -
Disable login as sysdba without password
Hi,
we are hosting our environment externally with a hosting company and wanted to know if there was anyway of disabling (from within the database) login "/ as sysdba" without having to provide a password.
The scenario we are trying to avoid is a malicious OS administrator putting themselves into the dba/ora_dba group and then setting the sqlnet.ora parameter SQLNET.AUTHENTICATION_SERVICES = (NTS) and then being able to login to the database without out having to provide a password and being able to view very sensitive data??
any help much appreciated.It sounds like you have a managed hosting company. You need to discuss with the hosting company what types of access they need in order to perform their management functions and limit the admins at the hosting company to an account that does not allow them to add them selves to the dba/ora_dba group or perform any other functions that you do not wish them to perform.
-
How can i find out how many users can login as sysdba using password file
can any one please tell me how can i find out how many users can login as sysdba using password file
please reply
asifSYS@db102 SQL> select * from v$pwfile_users;
USERNAME SYSDB SYSOP
SYS TRUE TRUE
SYS@db102 SQL> -
Only able to login as sysdba?
I just installed 11g2 on Redhat 5. I logged in using sqlplus as follows:
$sqlplus sys/abcabc as sysdba
I created a user as follows:
sqlplus> create user "xyz"
profile "DEFAULT"
identified by "abcabc"
default tablespace "MYTAB"
temporary tablespace "TEMP"
account unlock;
sqlplus> grant dba to "xyz"
sqlplus> commit;
sqlplus reported user created and dba granted. No errors were repored by sqlplus.
Now when I try to login as follows:
$sqlplus xyz/abcabc
I get a login prompt again and after 3 retries, I'm kicked out.
BUT, if I login as follows:
$sqlplus xyz/abcabc as sysdba
I get logged in.
What could be the problem? I've followed the exact same procedure for creating a user many times before and it always worked. What is different this time that I need to login as sysdba?
Thankssb92075 wrote:
Aman.... wrote:
Not sure how it worked for you in the past but its not a good way to create usernames and passwords.
Aman....different version behave differently regarding usernames & passwordsYep, just noticed that OP is using 11.2 which has case-sensitive passwords .
Aman.... -
Cannot login as sysdba in Oracle Enterprise Management Console
Hi,
I have recently installed Oracle 9.2.0.4 in Red Hat Linux 9.
I ran "oemapp console" to launch the Oracle Enterprise Manager Console Standalone. However, everytime I tried to login as:
user: sys
password: <sys password>
connect as: sysdba
I always get ORA-01031: insufficient privileges.
The Oracle database where I cannot connect as sysdba in OEM was created MANUALLY.
However, I can successfully login to OEM as sysdba if the database was created using Database Configuration Assistant...
So I might have missed out some configurations when I creasted the database MANUALLY...
any ideas??
Thanks in Advance
Regards
PrasannaHi there once more,
Of course it is possible that user system has the same problems as user sys (insufficient privs)....
In that case try to log on as internal/pwd@dbname as sysdba to perform the trick.
Good luck!
Regards,
Georges.
Maybe you are looking for
-
Is it possible to buy iPhone 4 without a simlock
Hi I am from Turkey and will be visiting USA. Im thinking of buying an iPhone 4 without a contract as its much cheaper there(about 1/3 of the price of here). But as far as i read on the internet even if you buy without a contract the phones come with
-
How To: write a logo image in a list display report
I have a simple list report that I create with a bunch of write statements. How can I insert a Logo image on this report ? I have my Logo image loaded in SE78 as a bitmap graphic. Not sure if with the write statement, I can write out this logo on my
-
Calendar is incessantly posting error messages that it cannot change or delete an event on my Exchange calendar. I have tried the "revert to server, try again, and ignore" more times than I can count. I even deleted the exchange from my connection
-
How can I get my homepage to load on startup?
My Yahoo homepage used to load on startup before I installed OS update. How can I get it to load automatically again?
-
Verify date format in module pool
Hi all, I am working in module pool. My requirement needs to verify the date format in dd.mm.yyyy. If the entered date format is yyyy.mm.dd, then prompt error message. Can this be done? Please advise.