删除 SYS 和 SYSTEM 帐户,好主意吗?

Drop SYS and SYSTEM accounts, good idea?

我是 Oracle 新手,目前正在加固数据库。 删除 SYS 和 SYSTEM 用户是个好主意吗?由于安全原因,默认帐户通常会被删除,我可以在 Oracle 上这样做,否则我会破坏某些东西吗?谢谢你的建议:)

这是一个非常糟糕的主意。我认为没有它们数据库甚至无法工作,并且怀疑是否允许删除。请确保帐户安全。

From the documentation(强调已加):

All databases include the administrative accounts SYS, SYSTEM, and DBSNMP. Administrative accounts are highly privileged accounts, and are needed only by individuals authorized to perform administrative tasks such as starting and stopping the database, managing database memory and storage, creating and managing database users, and so on. You log in to Oracle Enterprise Manager Database Express (EM Express) with SYS or SYSTEM. You assign the passwords for these accounts when you create the database with Oracle Database Configuration Assistant (DBCA). You must not delete or rename these accounts.

And:

All base (underlying) tables and views for the database data dictionary are stored in the SYS schema. These base tables and views are critical for the operation of Oracle Database.

所以不,这不是一个好主意,它会破坏你的数据库。


normally default accounts are dropped because of security reasons, I can do that on Oracle, or I will break something?

上面的第一个文档link也说(再次强调):

All databases also include internal accounts, which are automatically created so that individual Oracle Database features or components such as Oracle Application Express can have their own schemas. To protect these accounts from unauthorized access, they are initially locked and their passwords are expired. (A locked account is an account for which login is disabled.) You must not delete internal accounts, and you must not use them to log in to the database.

它提到了示例架构帐户,您可以选择不首先安装,但如果需要也可以删除。

最主要的是确保所有帐户的安全,您应该限制您创建的任何帐户只拥有必要的最低权限。

您还可以阅读更多相关内容 in the database administrator's guide,