Connection to Oracle without a username or password


Solution 1

The JDBC Thin driver is a 100% pure Java implementation that cannot collect the needed information from the operating system.

The JDBC OCI driver can do this! Use jdbc:oracle:oci8:/@MYDBSID. It will require that the Oracle driver be installed on that machine, which is not a problem if this is a server (and it is faster to boot and supports many more features than the thin driver).

Solution 2

The JDBC driver that Oracle ships does NOT have the capability of gathering the OS username and password from the URL that you provide it. Suppose there are 3rd party JDBC driver providers for Oracle; one of them might provide the functionality that you're asking for. You should google around.

Solution 3

Thanks to those that answered. We've gone with the OCI driver.

I did find documentation to suggest that Oracle 11g does support OS user authentication via the thin driver though:

http://www.orindasoft.com/public/Oracle_JDBC_JavaDoc/javadoc1110/oracle/jdbc/OracleConnection.html#CONNECTION_PROPERTY_THIN_VSESSION_OSUSER

I don't have an 11g setup to test this on, so I can't be certain this works.

Solution 4

OS authentication support in the JDBC thin driver was added in 11g (you can download the JDBC thin driver from 11.2.0.4 on OTN).

Note that you have to allow remote OS authentication on the server (over TCP) otherwise it will only work with sqlplus using IPC or BEQ locally. In your init.ora file, add this:

REMOTE_OS_AUTHENT = TRUE

Then if your user is "osuserdemo" on the client machine, create a database user like this and restart the DB:

 CREATE USER OSUSERDEMO IDENTIFIED EXTERNALLY;
 GRANT CONNECT,CREATE SESSION,RESOURCE TO OSUSERDEMO; 

And the JDBC thin driver should be able to connect without any username or password.

It's worth noting that this feature - considered highly insecure - has been de-supported in 12c.
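One way to check an instance for the configuration described in this answer, as an added example that is not part of the original answers. It assumes an 11g database and an account that can read V$PARAMETER and the DBA_* views; the wording of the "finding" column is illustrative.

```sql
-- Added audit example, not code from the original answers.
-- Run from SQL*Plus as a user with SELECT access to V$PARAMETER and DBA_* views.

-- 1. Does the instance trust an OS username asserted by a remote client?
--    remote_os_authent = TRUE is the init.ora setting shown in the answer above.
--    os_authent_prefix is listed too because it decides which database
--    username an OS user maps to (Oracle's default prefix is OPS$).
SELECT name,
       value,
       CASE
         WHEN name = 'remote_os_authent' AND UPPER(value) = 'TRUE'
           THEN 'RISK: client-supplied OS user is trusted over the network'
         ELSE 'ok'
       END AS finding
FROM   v$parameter
WHERE  name IN ('remote_os_authent', 'os_authent_prefix');

-- 2. Which accounts are IDENTIFIED EXTERNALLY, and what have they been granted?
--    These are the accounts reachable without a password if check 1 reports RISK.
--    DBA_USERS.AUTHENTICATION_TYPE is available from 11g onwards.
SELECT u.username,
       u.account_status,
       g.grant_kind,
       g.granted
FROM   dba_users u
       LEFT JOIN (
         SELECT grantee, 'ROLE' AS grant_kind, granted_role AS granted
         FROM   dba_role_privs
         UNION ALL
         SELECT grantee, 'SYSTEM PRIVILEGE' AS grant_kind, privilege AS granted
         FROM   dba_sys_privs
       ) g ON g.grantee = u.username
WHERE  u.authentication_type = 'EXTERNAL'
ORDER  BY u.username, g.grant_kind, g.granted;
```

An externally identified account that holds more than the session and object privileges it needs is the first thing to reduce when remote OS authentication cannot be turned off immediately.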

Author by

Jamie Love

Updated on June 09, 2022

Comments

  • Jamie Love almost 2 years

    Oracle has this concept of allowing database users to be identified by the operating system user who is running the program that is connecting to Oracle. See here.

    This allows you to do, as that user on a unix machine for example, a command such as:

    sqlplus /
    

    I am attempting to write a Java program for Oracle 10.2 which connects without a username or password. The obvious choice of url:

    jdbc:oracle:thin:/@localhost:1521:MYDBSID
    

    doesn't work, giving an error (Sorry I don't have the error available right now).

    I have attempted many other forms of doing this as well, but with no luck.

    Does anyone have any suggestions on how I can connect a Java program to Oracle using the OS identification method?

  • Hans Doggen over 14 years
    Just for your information: using the Oracle 11g JDBC thin driver on an Oracle 10g database works with the OS user authentication (I've tested it). But be aware that it is not really secure, as one can programmatically change the property mentioned above. Even if remote OS authentication is not allowed, running a program on the same machine from an unauthorized user is still a high risk in this case.
  • Nick about 14 years
    This is true for older versions of Oracle JDBC Drivers but not true for the newer versions (ojdbc5.jar and ojdbc6.jar). You still have to give the connection the user, but it should work according to the documentation here: download.oracle.com/docs/cd/B28359_01/java.111/b31224/…
  • johnsam over 9 years
    Will the driver work for connection string /@TWO_TASK with Oracle Wallet set up? Is there any sample Java connection code?