Changing the SYS Password

Posted: March 5, 2014 in Database Administration
Tags: , ,

In my previous endeavor, I worked for a DOD Contractor with a security clearance in a basement with no windows. Needless to say, the organization had/has a strict password policy. The policy itself may be classified so I will not share this.

About seven months ago, I left the DOD community to go to work in the commercial world. Without indulging too many details, their password policy is a bit more lenient. Now that I have the lay of the land, so to speak, it is time to implement a password policy. This two word phrase is a source of frustration for most Oracle Users but is a way of life for Oracle DBA’s. Up until recently, I was afraid to change the SYS password because…

  • The previous DBA never changed it…
  • Many jobs run in the background as SYS

Although my fear of screwing something up is real, my fear of sql injection or worse, is greater. So I consulted Google and askTom helped to relieve my first fear. I read these two articles before proceeding…  <http://asktom.oracle.com/pls/asktom/f?p=100:11:0::::P11_QUESTION_ID:670117794561><https://asktom.oracle.com/pls/asktom/f?p=100:11:0::::P11_QUESTION_ID:1792735500346727875> For OEM12C users, this You Tube video was also helpful… <http://www.youtube.com/watch?v=vPmcuSs0S84&gt;

What I found was, the only user or process that may suffer is you. You will need to change your named credentials for SYS on your OEM and whatever other database development tools you use to log into the database as SYS.

I prefer to execute password changes from the sqlplus console in UNIX(I use putty).

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 – 64bit Production
With the Partitioning, Automatic Storage Management, OLAP, Data Mining
and Real Application Testing options

SQL>ALTER USER SYS IDENTIFIED BY PASSWORD;

SQL>EXIT

As listed above, change the named credentials in all of your database tools. It is also advisable that the password be shared with another individual who has privileged user status within the company.

Thoughts??

~Jason Brown

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s