Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.misc -> Security in ORACLE
Hello everybody,
I started to create a new security concept for a
database at our university. So I have a few newbie
questions.
Yesterday I read the Oracle8 Server Administration
Guide (ORACLE8) in Chapter 19 there is the following
text:
Secure Connections with Encrypted Passwords
To better protect the confidentiality of your password,
ORACLE can be configured to use encrypted passwords for
client/server and server/server connections.
By setting the following values, you can require that the
password used to verify a connection always be encrypted:
-Set the ORA_ENCRYPT_LOGIN environment variable to TRUE on
the client machine.
-Set the DBLINK_ENCRYPT_LOGIN server initialization parameter
to TRUE.
If enabled at both the client and server, passwords will not
be sent accross the network in the clear, but will be encrypted
using a DES algorithm.
So my question is:
1.) Did I have to set the ORA_ENCRYPT_LOGIN to TRUE on the client
and on the server?
2.) What is the easiest way to test if the password is encrypted
sent over the network?
Later in the same chapter they describe how to use your own password verification routine. Does anybody has some opinion what should be included in such a routine? Or does anybody has a good example ?
Many thanks in advance,
-Marco Koch