Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: Passwords sent from client to server via OCI calls - are

Re: Passwords sent from client to server via OCI calls - are

From: Stefan Jahnke <stefan.jahnke_at_d2vodafone.de>
Date: Wed, 09 May 2001 07:19:46 -0700
Message-ID: <F001.002FDC84.20010509070607@fatcity.com>

Joe Sanderson schrieb:
>
> Hello,
>
> I'm using OCI in my application to connect to the Oracle server (currently
> using orlon call, have not yet moved on to OCILogon). My question is this:
> when the password is sent by the OCI code from the client to the server, is
> the password encrypted? I want to find out if my application will be
> vulnerable to network sniffers or other methods of breaching security in the
> Oracle environment.
>
> I've looked in the Oracle documentation, and have not yet found a way to
> send anything to the orlon call other than the unencrypted password. I have
> also not found any details on what the OCI client side code does with the
> password (if anything) before sending it to the server.
>
> Thanks for any useful replies.
> Joe Sanderson
>
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.com
> --
> Author: Joe Sanderson
> INET: joe.sanderson_at_ecora.com
>
> Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
> San Diego, California -- Public Internet access / Mailing Lists
> --------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
>
> -----------------------------------------------------------
> This Mail has been checked for Viruses
> Attention: Encrypted Mails can NOT be checked !
>
> ***
>
> Diese Mail wurde auf Viren ueberprueft
> Hinweis: Verschluesselte Mails koennen NICHT geprueft werden!
> ------------------------------------------------------------

Hi,

I'm not sure, but just run a sniffer. If the passwords aren't encrypted, they show up ... that's it.

-- 
Regards,
Stefan Jahnke
BOV AG
@:D2 Vodafone, Abt.: FIBM
-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Stefan Jahnke
  INET: stefan.jahnke_at_d2vodafone.de

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Wed May 09 2001 - 09:19:46 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US