Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Oracle client security

RE: Oracle client security

From: Jesse, Rich <Rich.Jesse_at_quadtechworld.com>
Date: Mon, 9 Aug 2004 09:04:11 -0500
Message-ID: <FBE1FCA40ECAD41180400050DA2BC54004E93C2A@qtiexch2.qgraph.com>


Excellent! I'll file this under "Good Things To Know".

And now I know The Rest Of The Story.

Good day!

Rich

Rich Jesse                        System/Database Administrator
rich.jesse_at_quadtechworld.com      QuadTech, Sussex, WI USA


-----Original Message-----
Sent: Saturday, August 07, 2004 3:57 PM
Subject: Re: Oracle client security

>
>True, though I did pull that from the 9.2.0 docs. It is apparently
>a documentation bug, as 9i supposedly always encrypts passwords
>and never sends them in the clear. Haven't tested it though.
>
>Jared

Hi Jared,

The parameters are supposedly not used or rather ignored from 9iR2 (It could be 9iR1 as I have heard this for both versions) as all retries are encrypted by default. I tested this over a year ago when discussing it with Don Granaman who was involved in the CIS Oracle benchmark. We could not find a way to get a second try in clear text on 9i. This "functionality" the second try in clear text was added to allow connection to older databases that didn't support the encrypted password exchange (7.1 and down i believe).

Rich, The way to secure the client then seems to be to ensure at least 9iR1 or 9iR2 clients are used.=20

Kind regards

Pete



Please see the official ORACLE-L FAQ: http://www.orafaq.com

To unsubscribe send email to: oracle-l-request_at_freelists.org put 'unsubscribe' in the subject line.
--
Archives are at http://www.freelists.org/archives/oracle-l/
FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------
Received on Mon Aug 09 2004 - 09:00:04 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US