Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> passwords in clear text and password protected roles bypass

passwords in clear text and password protected roles bypass

From: Pete Finnigan <oracle_list_at_peterfinnigan.demon.co.uk>
Date: Sun, 14 Mar 2004 19:13:58 +0000
Message-ID: <S0e0ljA27KVABxaP@peterfinnigan.demon.co.uk> 





Hi Everyone,



Further to Nuno's question last week I have just put two short papers on
my website, the first discussing clear text password transmissions when
changing a users password in the database which i showed in my post last
and the second discussing the same issue with set role {blah} identified
by {blah}. 



The second paper also discusses an issue I found whereby you can bypass
the password protection assigned to a role. Both papers describe the
issues and also suggest possible solutions. The papers are available
from:



http://www.petefinnigan.com/ramblings/passwords_in_clear_text.htm
and


http://www.petefinnigan.com/ramblings/issues_with_roles_and_passwords.ht
m



Hope you find them useful.



kind regards



Pete


-- 



Pete Finnigan


email:pete_at_petefinnigan.com


Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.





Please see the official ORACLE-L FAQ: http://www.orafaq.com




To unsubscribe send email to:  oracle-l-request_at_freelists.org
put 'unsubscribe' in the subject line.


--



Archives are at http://www.freelists.org/archives/oracle-l/
FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html


Received on Sun Mar 14 2004 - 14:00:35 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US