Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: SQL*net and secuity

Re: SQL*net and secuity

From: <rwessman_at_us.oracle.com>
Date: 03 Nov 1998 16:31:33 -0500
Message-ID: <uogqo31l6.fsf@us.oracle.com> 





Dean Mah <dmah_at_acs.ucalgary.ca> writes:



> From the Oracle7 Server Administrator's Guide under the section


> Establishing Security Policies:


> 




<Good security ideas snipped.>


> 


> Also, in the past, when using SecurID, we were unable to set


> ORA_ENCRYPT_LOGIN to true and have authentication succeed.  Encrypting


> the username and passcode seemed to conflict with SecurID and so the


> database would only accept logins when the username and passcode were


> sent in cleartext.




Only passwords are encrypted. Usernames are always sent in the clear.



For reasons having to do with the architecture of Oracle, SecurID passcodes
cannot be encrypted. However, this shouldn't be a problem since passcodes
change rapidly.



However, it is a small hole and we are working on a fix.



> 


> I have since received a newer version of the Advanced Networking Option


> but have not tried it recently.




The problem is still there in the latest version of the Oracle client.


                                        Rick
                                        Rick Wessman
                                        Security and Directory Technologies
                                        Server Technologies
                                        Oracle Corporation
                                        rwessman_at_us.oracle.com




Received on Tue Nov 03 1998 - 15:31:33 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US