Re: Capturing user / password For Failed Logins
From: Mladen Gogala <gogala.mladen_at_gmail.com>
Date: Thu, 14 Jan 2016 10:43:38 -0500
Message-ID: <5697C22A.8070903_at_gmail.com>
On 01/14/2016 08:34 AM, Scott Canaan wrote:
>
> We have an application that is getting an ORA-01017 when trying to
> connect to the database. This is a new environment for this
> application. In the past, the application was running on one server
> and the database on another. To attempt to speed things up, we’ve
> co-located the application and database, along with an upgrade to
> Oracle 12.1.0.2. In doing so, I installed both the Oracle database
> software and Oracle client software in the same Oracle Home. The idea
> is to use a bequeath connection and bypass the network to eliminate
> the network traffic.
>
> If the user uses SQL*Plus, they can connect to the database. Using
> the same login, the application itself gets the ORA-01017. It is a
> COBOL application. The vendor is insisting that they are passing the
> correct password. The SA is insisting that I have to turn some
> tracing on to show the password being passed in. As far as I know,
> the password is encrypted in the login process.
>
> Is there any way to get this information? The vendor refuses to help
> us until we can prove that the password being sent is wrong.
>
> Scott Canaan ’88 (srcdco_at_rit.edu <mailto:srcdco_at_rit.edu>)
>
> (585) 475-7886 – work (585) 339-8659 – cell
>
> “Life is like a sewer, what you get out of it depends on what you put
> into it.” – Tom Lehrer
>
Hi Scott,
Oracle utilities do not reveal passwords, even for an incorrect attempts, for security reasons. Your best bet is a packet sniffer, like wire shark or tcpdump..
Regards
Date: Thu, 14 Jan 2016 10:43:38 -0500
Message-ID: <5697C22A.8070903_at_gmail.com>
On 01/14/2016 08:34 AM, Scott Canaan wrote:
>
> We have an application that is getting an ORA-01017 when trying to
> connect to the database. This is a new environment for this
> application. In the past, the application was running on one server
> and the database on another. To attempt to speed things up, we’ve
> co-located the application and database, along with an upgrade to
> Oracle 12.1.0.2. In doing so, I installed both the Oracle database
> software and Oracle client software in the same Oracle Home. The idea
> is to use a bequeath connection and bypass the network to eliminate
> the network traffic.
>
> If the user uses SQL*Plus, they can connect to the database. Using
> the same login, the application itself gets the ORA-01017. It is a
> COBOL application. The vendor is insisting that they are passing the
> correct password. The SA is insisting that I have to turn some
> tracing on to show the password being passed in. As far as I know,
> the password is encrypted in the login process.
>
> Is there any way to get this information? The vendor refuses to help
> us until we can prove that the password being sent is wrong.
>
> Scott Canaan ’88 (srcdco_at_rit.edu <mailto:srcdco_at_rit.edu>)
>
> (585) 475-7886 – work (585) 339-8659 – cell
>
> “Life is like a sewer, what you get out of it depends on what you put
> into it.” – Tom Lehrer
>
Hi Scott,
Oracle utilities do not reveal passwords, even for an incorrect attempts, for security reasons. Your best bet is a packet sniffer, like wire shark or tcpdump..
Regards
-- Mladen Gogala Oracle DBA http://mgogala.freehostia.com -- http://www.freelists.org/webpage/oracle-lReceived on Thu Jan 14 2016 - 16:43:38 CET