Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: passwords in clear text and password protected roles bypass

Re: passwords in clear text and password protected roles bypass

From: Mladen Gogala <mladen_at_wangtrading.com>
Date: Mon, 15 Mar 2004 14:05:58 -0500
Message-ID: <20040315190558.GA19813@mladen.wangtrading.com> 





Put DBMS_RANDOM in the script. Be warned, that may produce random
results.



On 03/15/2004 01:50:42 PM, Ravi Kulkarni wrote:


> Great hint, Thank you. 

> Is there a way to avoid(/defer) clear-text-passwords when Creating users ?

> 

> 

> -----Original Message-----

> From: oracle-l-bounce_at_freelists.org

> [mailto:oracle-l-bounce_at_freelists.org]On Behalf Of Pete Finnigan

> Sent: Sunday, March 14, 2004 1:14 PM

> To: oracle-l_at_freelists.org

> Subject: passwords in clear text and password protected roles bypass

> 

> 

> Hi Everyone,

> 

> Further to Nuno's question last week I have just put two short papers on

> my website, the first discussing clear text password transmissions when

> changing a users password in the database which i showed in my post last

> and the second discussing the same issue with set role {blah} identified

> by {blah}. 

> 

> The second paper also discusses an issue I found whereby you can bypass

> the password protection assigned to a role. Both papers describe the

> issues and also suggest possible solutions. The papers are available

> from:

> 

> http://www.petefinnigan.com/ramblings/passwords_in_clear_text.htm

> and

> http://www.petefinnigan.com/ramblings/issues_with_roles_and_passwords.ht

> m

> 

> Hope you find them useful.

> 

> kind regards

> 

> Pete

> -- 

> Pete Finnigan

> email:pete_at_petefinnigan.com

> Web site: http://www.petefinnigan.com - Oracle security audit specialists

> Book:Oracle security step-by-step Guide - see http://store.sans.org for details.

> 

> ----------------------------------------------------------------

> Please see the official ORACLE-L FAQ: http://www.orafaq.com

> ----------------------------------------------------------------

> To unsubscribe send email to:  oracle-l-request_at_freelists.org

> put 'unsubscribe' in the subject line.

> --

> Archives are at http://www.freelists.org/archives/oracle-l/

> FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html

> -----------------------------------------------------------------

> 

> ----------------------------------------------------------------

> Please see the official ORACLE-L FAQ: http://www.orafaq.com

> ----------------------------------------------------------------

> To unsubscribe send email to:  oracle-l-request_at_freelists.org

> put 'unsubscribe' in the subject line.

> --

> Archives are at http://www.freelists.org/archives/oracle-l/

> FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html

> -----------------------------------------------------------------

> 





Please see the official ORACLE-L FAQ: http://www.orafaq.com




To unsubscribe send email to:  oracle-l-request_at_freelists.org
put 'unsubscribe' in the subject line.

--
Archives are at http://www.freelists.org/archives/oracle-l/
FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------


Received on Mon Mar 15 2004 - 13:02:54 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US