Wednesday, May 2, 2012

User public in audit trail ???? what

After a call from a application manager that she had seen that a user public tried to login
into a database i of course check the audit trail and yes someone tried to login a user public.

OS_USERNAM USERNAME   USERHOST   TIMESTAMP     ACTION ACTION_NAME     COMMENT_TEXT                    SESSIONID RETURNCODE
---------- ---------- ---------- --------- ---------- --------------- ------------------------------ ---------- ----------
oracle     PUBLIC     spca5003   05-MAY-11        100 LOGON           Authenticated by: OS                   -1          0
srs401p    PUBLIC     spca5003   06-MAY-11        100 LOGON           Authenticated by: OS                   -1          0

So whats up.
Public is not a user nor a role.
SQL> select user#,name,type# from sys.user$ where name = 'PUBLIC';
           user#      name     type#
       --------------------------------
          1         public         0

type 0 means role
type 1 means user

SQL>select * from dba_roles
          where role = 'PUBLIC';

   no rows selected

so no role

SQL>select password from sys.user$
         where name = 'PUBLIC';

          PASSWORD
 -----------------------------------

 So can we login as user public

SQL> conn public
Enter password:
Error:
ORA-01005: null password given; login denied

No you can't login but what if you login like this
SQL> conn / as sysoper
Connected
SQL> show user
USER is "PUBLIC"

So now you login as public can you do something
SQL> create table aap(t1 number) tablespace users;
           ERROR at line 1:ORA-01918: user 'PUBLIC' does not exist

Well so your not user public ??? but if you look in the audit trail

OS_USERNAM USERNAME   USERHOST   TIMESTAMP     ACTION ACTION_NAME     COMMENT_TEXT                    SESSIONID RETURNCODE
---------- ---------- ---------- --------- ---------- --------------- ------------------------------ ---------- ----------
oracle     PUBLIC     spca5003   05-MAY-11        100 LOGON           Authenticated by: OS                   -1          0
oracle     PUBLIC     spca5003   05-MAY-11          1 CREATE TABLE                                           -1       1031
srs401p    PUBLIC     spca5003   06-MAY-11        100 LOGON           Authenticated by: OS                   -1          0

But why someone login as / as sysoper is still under investigation.






No comments:

Post a Comment