Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: userid & Password

RE: userid & Password

From: Dennis Taylor <ismgr_at_pctc.com>
Date: Wed, 01 Nov 2000 11:24:14 -0800
Message-Id: <10667.120843@fatcity.com> 





I'm not an expert on the specific internal workings of sql*net, but in some
way the username and password are actually sent to the server over the
network connection (by this time I'm sure the listener has handed it off).
The server does a one-way hash of the username/password, then compares the
result with the hashed record found on the server. If they don't match, you
don't get a session.



I would *hope* that it isn't done in clear....



At 10:06 AM 11/1/00 -0800, you wrote:


>Hi dennis,

>

>i.e the user hasnt logged in yet. when he tries to

>login to the database how does the front end check

>with the databases userid & password since the

>password is in encrypted form in the database.

>



---
Dennis Taylor
---
Don't worry about people stealing your ideas.  If your ideas
are any good,
you'll have to ram them down people's throats.


Received on Wed Nov 01 2000 - 13:24:14 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US