Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: ORA_ENCRYPT_LOGIN

RE: ORA_ENCRYPT_LOGIN

From: Richard Huntley <rhuntley_at_mindleaders.com>
Date: Wed, 22 May 2002 08:58:45 -0800
Message-ID: <F001.00467CFF.20020522085845@fatcity.com> 





That's exactly what I want to stop, passwords being sent in the clear.
However, I'm not able to verify it's working so far. I've turned on tracing,
as recommended in another reply on this topic, did a login before enabling
then after enabling this parameter and the differences are very minor and
I'm seeing nothing that specifically points
to this parameter being used other than output saying the parameter is
detected.  How are you all having developers connect to the production box
via SQL*Plus client on developer workstations, so that the password is not
sent in the clear?
 


-----Original Message-----


Sent: Tuesday, May 21, 2002 8:18 PM


To: Multiple recipients of list ORACLE-L




Even without this parameter being set the password is encrypted.  What the
parameter does is stop the password from being sent in the clear if logging
in with the encrypted password fails.   I believe the encryption is a 54-bit
variant of DES.  It is very rare that  someone improves DES by fiddling with
it.  It also always encrypts to the same value and provides no protection
against replay attacks.
 


Ian MacGregor


Stanford Linear Accelerator Center


ian_at_SLAC.Stanford.edu <mailto:ian_at_SLAC.Stanford.edu> 



-----Original Message-----


Sent: Tuesday, May 21, 2002 9:34 AM


To: Multiple recipients of list ORACLE-L




Anyone using this and if so, do you know of a way to verify that the
password is actually being encrypted?
 


Thanks.






-- 



Please see the official ORACLE-L FAQ: http://www.orafaq.com


-- 



Author: Richard Huntley


  INET: rhuntley_at_mindleaders.com


Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------


To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Wed May 22 2002 - 11:58:45 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US