Re: Clear text credentials?
Date: Thu, 3 Mar 2011 13:15:37 +0100
Message-ID: <AANLkTik_FsPeSynMMOS3_Kz-X7H-gKZ0nsWjeMaim=cz_at_mail.gmail.com>
Hi Upendra,
if what you mean with your last question is a toned down oracle software solution à la ASO then the answer is NO. But there are other ways to accomplish the same, i.e. protection from network sniffing and intercepting. To name just three:
ssh tunneling, ipsec (network layer - layer 3 in OSI) or even encrypting network cards. You would have to investigate which option suits you best.
Kind regards,
Andre
2011/3/1 Upendra N <nupendra_at_hotmail.com>
> I found this documentation which confirms that 10g onwards client is
> encrypting the passwords:
>
> http://download.oracle.com/docs/cd/B19306_01/win.102/b14304/admin.htm#sthref294
>
> My other question still stays open.. is there a toned down version of ASO
> (40 or 56-bit) encryption available for free?
> Thanks
> -Upendra
>
>
>
> ------------------------------
> From: nupendra_at_hotmail.com
> To: oracle-l_at_freelists.org
> Subject: Clear text credentials?
> Date: Tue, 1 Mar 2011 14:38:26 -0500
>
>
> Hello guys,
> Question..
> When someone connects from Host_A to Host_B and if the communication is not
> encrypted using Advanced Security Option (ASO) or a similar mechanism, would
> the user credentials be sent in Clear Text? If so, is there a way to secure
> it? The requirement is to protect the username/password without using
> ASO/SSH Tunnel.
>
> If my memory serves correctly, a lower version of ASO (40 or 56-bit)
> encryption is available for free? Is that true?
>
> Your feedback is appreciated.
> Thanks
> -Upendra
>
>
-- http://www.freelists.org/webpage/oracle-lReceived on Thu Mar 03 2011 - 06:15:37 CST