| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: encrypted user/passwd connection
Couldn't this whole thing be part of the "How does a DBA get a password?"
thread?
Just thinking virtually outloud...
Rich
Rich Jesse System/Database Administrator Rich.Jesse_at_qtiworld.com Quad/Tech International, Sussex, WI USA
> -----Original Message-----
> From: Rajesh.Rao_at_jpmchase.com [mailto:Rajesh.Rao_at_jpmchase.com]
> Sent: Tuesday, January 07, 2003 2:30 PM
> To: Multiple recipients of list ORACLE-L
> Subject: RE: encrypted user/passwd connection
>
>
>
> Jared,
>
> The ORA_ENCRYPT_LOGIN is not a database parameter, but an environment
> variable to be set on clients. Maybe Platform specific. Not
> sure. I have
> never used this, just remembered reading about them in some security
> document.
>
> Got it. Saved under favourites.
> http://documents.iss.net/literature/DatabaseScanner/reports/or
> acle/OraPolicy.pdf
>
> Raj
>
>
>
>
>
>
> Jared.Still_at_r
>
> adisys.com To:
> ORACLE-L_at_fatcity.com
> cc: Rajesh
> Rao/JPMCHASE_at_CHASE
> January 07, Subject: RE:
> encrypted user/passwd connection
> 2003 02:59 PM
>
>
>
>
>
>
>
>
>
> Thanks Raj.
>
> I would think that the default being set to 'always encrypt' would be
> more reasonable,
>
> In checking the parameters via
>
> select
> a.KSPPINM NAME,
> a.KSPPDESC DESCRIPTION,
> b.KSPPSTVL VALUE,
> b.KSPPSTDF ISDEFAULT
> from X$KSPPI a, X$KSPPCV b
> where a.indx = b.indx
> and a.KSPPINM like '%crypt%'
> order by name;
>
> .. I found that only the dblink_encrypt_login parm was available.
>
> This is on 7.3.4, 8.0.6, 8.1.7 and 9.2.0.
>
> Where does ORA_ENCRYPT_LOGIN get applied?
>
> Jared
>
>
>
>
>
>
>
>
> Rajesh.Rao_at_jpmchase.com
> Sent by: root_at_fatcity.com
> 01/07/2003 07:03 AM
> Please respond to ORACLE-L
>
>
> To: Multiple recipients of list ORACLE-L
> <ORACLE-L_at_fatcity.com>
> cc:
> Subject: RE: encrypted user/passwd connection
>
>
>
> "All oracle passwords are encrypted" is not a true statement.
> Failed login
> attempts, are retried by sending the password in an
> unencrypted format.
> Atleast, until 8.1.7. To avoid which, ORA_ENCRYPT_LOGIN variable and
> DBLINK_ENCRYPT_LOGIN parameter (for retried attempts across
> database link)
> should be set to TRUE.
>
> I could stand corrected though.
>
> Raj
>
>
>
>
>
> Sony kristanto
> <Sony_at_polyfinca To: Multiple
> recipients of
> list ORACLE-L <ORACLE-L_at_fatcity.com>
> nggih.com> cc:
> Sent by: Subject: RE: encrypted
> user/passwd connection
> root_at_fatcity.co
> m
>
>
> January 07,
> 2003 01:53 AM
> Please respond
> to ORACLE-L
>
>
>
>
>
>
> You're right Jared, all oracle password is encrypted. Btw
> Andrey if it is
> possible how to do it ?
>
> > -----Original Message-----
> > From: Jared Still [SMTP:jkstill_at_cybcon.com]
> > Sent: Tuesday, January 07, 2003 11:04 AM
> > To: Multiple recipients of list ORACLE-L
> > Subject: Re: encrypted user/passwd connection
> >
> >
> > Andre,
> >
> > Oracle does not send passwords across the network
> > in clear text, they are encrypted by default.
> >
> > Jared
> >
> > On Monday 06 January 2003 05:43, Andrey Bronfin wrote:
> > > Dear list !
> > > I have just been asked the following question:
> > > is it possible to make a connection from an Oracle client
> to an Oracle
> > > instance (both are 8.1.7) in an "encrypted" way.
> > > I.e. if someone is sitting with a sniffer between the
> server and the
> > > client, then i don't want him to be able to see the
> user/passwd i'm
> > > connecting with. Again , i am NOT asking how store the
> data in the DB
> in
> > an
> > > "encrypted" way, but how to connect to an instance
> without showing my
> > > passwd.
> > > Thanks a lot!
> > > Andrey.
>
-- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Jesse, Rich INET: Rich.Jesse_at_qtiworld.com Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).Received on Tue Jan 07 2003 - 16:45:41 CST
 |
 |