| Lesson 6 || Changing the System Passwords |
| Objective || Change the passwords for the SYS and SYSTEM users. |
Changing System Passwords
When to change default passwords
In practice, I often don't change the default passwords until I've gone through all the other database creation tasks that you will read about in this module. On an experimental database, I sometimes don't change them at all. That's certainly not a best practice. If you choose not to change your passwords from their defaults, at least be cognizant of the security risk. Anyone who knows anything about Oracle8 will be able to do anything they want to your database. When you change these passwords is probably not as important as making sure that you do change them., However, changing them sooner rather than later reduces your exposure to risk.
After you have successfully executed the CREATE DATABASE command, you will have a database with two users: SYS and SYSTEM. Their passwords are CHANGE_ON_INSTALL and MANAGER, respectively.
Everyone who works with Oracle8 knows about these default passwords, so you should immediately change them to something that only you know. The ALTER USER command is used to change passwords, and it can be executed from Server Manager after the CREATE DATABASE command has finished. The following example shows the SYS and SYSTEM passwords being changed to lampdesk and dogtoad,
SVRMGR> CONNECT INTERNAL
SVRMGR> ALTER USER sys IDENTIFIED BY lampdesk;
SVRMGR> ALTER USER system IDENTIFIED BY dogtoad;
Pick two passwords not the ones that I used here and take a moment now to issue the appropriate ALTER USER to change the SYS and SYSTEM passwords for your new COIN database.