Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Mailing Lists -> Oracle-L -> Re: ops$/w2k/"secure" connections question

Re: ops$/w2k/"secure" connections question

From: Paul Drake <>
Date: Fri, 17 Aug 2001 14:35:02 -0700
Message-ID: <>

eric harrington wrote:
> I must be missing something. I have Oracle running without any additional
> password security setup and the Oracle user passwords are encrypted. I was
> checking an OCI login and SQL*Plus connection. I have an Oracle white paper
> that discusses this: Client/Server Authentication, Part A32479, April 1995.
> Excerpt follows (my tests confirmed what is indicated below - I had some
> inconsistency with 7.x but in 8.x and higher this assertion is correct).
> Quote: "The Oracle Password Protocol provides security for client-server and
> server-server password communication by encrypting user passwords passed
> over a network. The Oracle Password Protocol uses a session key valid for a
> single database connection attempt to encrypt the user's password. Each
> connection attempt uses a separate key for encryption, making the encryption
> more difficult to decipher. After the key-encrypted password is passed to
> the server, the server decrypts it, then re-encrypts it using a Data
> Encryption Standard (DES) based one-way encryption algorithm and compares it
> with the password stored in the database. If they match, the user
> successfully connects to the database. The Oracle Password Protocol is used
> to encrypt all passwords upon an attempted connection whether local
> connection, client to
> server, or server to server."

Maybe that's why you have to check the box (on Technet before downloading) saying that you won't ship the software off to Libya - as it is classified as munitions.


Please see the official ORACLE-L FAQ:
Author: Paul Drake

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
To REMOVE yourself from this mailing list, send an E-Mail message
to: (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Fri Aug 17 2001 - 16:35:02 CDT

Original text of this message