Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: SQL*Net/Net8 and plain text passwords

RE: SQL*Net/Net8 and plain text passwords

From: MacGregor, Ian A. <ian_at_SLAC.Stanford.EDU>
Date: Sun, 11 Jun 2000 11:37:49 -0700
Message-Id: <10525.108569@fatcity.com> 





Oracle encrypts passwords by default.  I believe this began wit SQL*NET 2.1.
However, if you do  not have the parameter, ORA_ENCRYPT_LOGIN,
set to ,true, in the sqlnet.ora file of the client, then Oracle under
certain circumstances, will send the password is plain text, after trying
and failing with the encrypted password.  There is also an init.ora
parameter, DBLINK_ENCRYPT_LOGIN which controls this behavior on database
links.



The password will be sent in plain text between web browsers and your web
server unless you have protected the ports via SSL.



Ian MacGregor


Stanford Linear Accelerator Center


ian_at_slac.stanford.edu


-----Original Message-----


From: Sherwin Anthony Sequeira [mailto:sherwin_at_sequeira.ezesurf.co.uk]
Sent: Friday, June 09, 2000 3:14 PM


To: Multiple recipients of list ORACLE-L
Subject: SQL*Net/Net8 and plain text passwords




Hi fellow (this includes males and females) DBAs,



        I have an application that connects to an Oracle database via a Web 
Server, machine from is Unix or NT, and machine to can be Unix or NT.



        The customer's concern is passwords being sent over SQL*Net/Net8.



        I have reassured him that plain text passwords will not be sent over



the network.  I mentioned OS authentication, which I am sure will work. 
 I am also sure that there is a Net parameter for encryption.



        Any ideas?  I am @ home now after a long hard weeks work, with no 
documentation available, except on the laptop, and that is giving up 
the ghost.



        Any hints, tips. pointers, URL's, direct experience, even that it 
can't be done?



        Regards and TIA.



Tony




-- 
Author: Sherwin Anthony Sequeira
  INET: sherwin_at_sequeira.ezesurf.co.uk

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).


Received on Sun Jun 11 2000 - 13:37:49 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US