Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Restricting access via sqlplus

RE: Restricting access via sqlplus

From: Jacques Kilchoer <>
Date: Thu, 10 Jul 2003 13:44:27 -0800
Message-ID: <>

The problem is that if the decryption and set role were done inside a database package, then that means that the Oracle database user needs execute privilege on the package, and so the user could call the package from inside SQL*Plus on the client. At my old company they were talking about encrypting the network traffic but I left before they implemented that, and I don't know if they ever did.

> -----Original Message-----
> From: Pete Finnigan []
> It sounds like the encrypted password is read by the client? and
> decrypted on the client? or in the database as a package
> procedure?. If
> it was decrypted in the client and then the set role command
> was sent to
> the database the password could be read from the network with a tool
> such as snoop on Unix or using SQL*Net support level trace as
> that shows
> packet contents in the SQL trace. The latter could be setup
> by a user on
> his PC attempt a logon to the database and then read the password from
> the trace file.
> If the decryption and set role were to be done in a package and the
> password is not passed over the network then its better. You
> could also
> encrypt the network traffic of course. But as you say there is still a
> risk from someone discovering the encryption scheme.

Please see the official ORACLE-L FAQ:
Author: Jacques Kilchoer

Fat City Network Services    -- 858-538-5051
San Diego, California        -- Mailing list and web hosting services
To REMOVE yourself from this mailing list, send an E-Mail message
to: (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Thu Jul 10 2003 - 16:44:27 CDT

Original text of this message