Home arrow Oracle arrow Passwords and User Accounts for Oracle Database XE

Passwords and User Accounts for Oracle Database XE

In this third part of a 10-part article series on securing Oracle Database XE, you'll learn about the role played by passwords and user accounts. This article is excerpted from chapter 31 of the book Beginning PHP and Oracle: From Novice to Professional, written by W. Jason Gilmore and Bob Bryla (Apress; ISBN: 1590597702).

  1. Passwords and User Accounts for Oracle Database XE
  2. User Accounts
By: Apress Publishing
Rating: starstarstarstarstar / 0
December 23, 2010

print this article



Creating or Re-creating the Password File

Although a default installation of Oracle Database XE will automatically create a password file, there are occasions when you may need to re-create one if it is accidentally deleted or damaged. Theorapwd command will create a password file with a single entry for theSYSuser and other options, as noted, when you run theorapwd command without any options:

C:\> orapwd
Usage: orapwd file=<fname>password=<password>entries=<users>force=<y/n>

file - name of password file (mand),
password - password for SYS (mand),
entries - maximum number of distinct DBA and
force - whether to overwrite existing file (opt),
OPERs (opt),
There are no spaces around the equal-to (=) character.


Once you re-create the password file, you will have to grant theSYSDBAandSYSOPERprivileges to those database users who previously had those privileges. In addition, if the password you provide in theorapwd command is not the same password that theSYS account has in the database, you will have to change theSYS account’s password the next time you are connected to the database so that the password in the database and the password in the password file stay in sync.

The system initialization parameterREMOTE_LOGIN_PASSWORDFILEcontrols how the password file is used for the database instance. It has three possible values:NONE,SHARED, andEXCLUSIVE.

If the value isNONE, Oracle ignores any password file that exists. Any privileged users must be authenticated by other means, such as by operating system authentication, which is discussed in the next section.

With a value ofSHARED, multiple databases can share the same password file, but only theSYS user is authenticated with the password file, and the password forSYScannot be changed. As a result, this method is not the most secure, but it does allow a DBA to maintain more than one database with a singleSYSaccount.

Tip  If you must use a shared password file, ensure that the password forSYSis at least eight characters long and includes a combination of alphabetic, numeric, and special characters to defend against a brute-force attack.

A value ofEXCLUSIVEbinds the password file to only one database; other database user accounts can exist in the password file. As soon as you create the password file, use this value to maximize the security ofSYSDBAorSYSOPERconnections.

The dynamic performance viewV$PWFILE_USERSlists all the database users who have eitherSYSDBAorSYSOPERprivileges, as shown here:

SQL> select * from v$pwfile_users;

USERNAME                   SYSDB SYSOP
-------------------------- ----- -----
SYS                        TRUE  TRUE
RJB                        TRUE  FALSE SYSTEM                     TRUE  FALSE


>>> More Oracle Articles          >>> More By Apress Publishing

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort


- Oracle Java Security Woes Continue
- Oracle's New IaaS Cloud Option: There's a Ca...
- Oracle Acquires Eloqua to Boost Cloud Presen...
- Choosing Innovation: Oracle Survey Insights
- Oracle Fixes Privilege Escalation Bug
- Oracle`s Communications Service Availability...
- Oracle Releases Exalytics, Taleo Plans
- Oracle Releases Communications Network Integ...
- Oracle Releases Communications Data Model 11...
- Oracle Releases PeopleSoft PeopleTools 8.52
- Oracle Integrates Cloudera Apache Distro, My...
- Oracle Releases MySQL 5.5.18
- Oracle Announces NoSQL Database Availability
- Sorting Database Columns With the SELECT Sta...
- Retrieving Table Data with the LIKE Operator

Developer Shed Affiliates


Dev Shed Tutorial Topics: