I have two Oracle 11g R1 databases installed on two different machines (Windows XP) connected through a network. The instance name on both machines are the same but, of course, the global name are different.
When I tried logging on from one of machines as SYSDBA using a tnsname naming method, the connection established even if wrong password was incorrect. For me, this is serious security problem.
Any clarification is appreciated.
CODE
C:\Documents and Settings\Administrator>hostname
lab4pc8
C:\Documents and Settings\Administrator>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 100.10.101.81
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Default Gateway . . . . . . . . . : 100.10.100.155
C:\Documents and Settings\Administrator>sqlplus /nolog
SQL*Plus: Release 11.1.0.7.0 - Production on Tue Mar 2 18:32:28 2010
Copyright (c) 1982, 2008, Oracle. All rights reserved.
SQL> conn sys/anypassword@hanan as sysdba
Connected.
SQL> show parameter remote
NAME TYPE VALUE
------------------------------------ ----------- ---------
remote_dependencies_mode string TIMESTAMP
remote_listener string
remote_login_passwordfile string EXCLUSIVE
remote_os_authent boolean FALSE
remote_os_roles boolean FALSE
result_cache_remote_expiration integer 0
SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - Pr
oduction
With the Partitioning, OLAP, Data Mining and Real Application Testing options
C:\Documents and Settings\Administrator>tnsping hanan
TNS Ping Utility for 32-bit Windows: Version 11.1.0.7.0 - Production on 02-MAR-2
010 18:52:28
Copyright (c) 1997, 2008, Oracle. All rights reserved.
Used parameter files:
d:\oracle\product\11.1.0\db_1\network\admin\sqlnet.ora
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)
(HOST = 100.10.100.96)(PORT = 1521))) (CONNECT_DATA = (SERVICE_NAME = ora11g.1la
b1)))
OK (20 msec)
lab4pc8
C:\Documents and Settings\Administrator>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 100.10.101.81
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Default Gateway . . . . . . . . . : 100.10.100.155
C:\Documents and Settings\Administrator>sqlplus /nolog
SQL*Plus: Release 11.1.0.7.0 - Production on Tue Mar 2 18:32:28 2010
Copyright (c) 1982, 2008, Oracle. All rights reserved.
SQL> conn sys/anypassword@hanan as sysdba
Connected.
SQL> show parameter remote
NAME TYPE VALUE
------------------------------------ ----------- ---------
remote_dependencies_mode string TIMESTAMP
remote_listener string
remote_login_passwordfile string EXCLUSIVE
remote_os_authent boolean FALSE
remote_os_roles boolean FALSE
result_cache_remote_expiration integer 0
SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - Pr
oduction
With the Partitioning, OLAP, Data Mining and Real Application Testing options
C:\Documents and Settings\Administrator>tnsping hanan
TNS Ping Utility for 32-bit Windows: Version 11.1.0.7.0 - Production on 02-MAR-2
010 18:52:28
Copyright (c) 1997, 2008, Oracle. All rights reserved.
Used parameter files:
d:\oracle\product\11.1.0\db_1\network\admin\sqlnet.ora
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)
(HOST = 100.10.100.96)(PORT = 1521))) (CONNECT_DATA = (SERVICE_NAME = ora11g.1la
b1)))
OK (20 msec)