Re: SQL*Net

A copy of this was sent to "Sybrand Bakker" <postbus_at_sybrandb.demon.nl> (if that email address didn't require changing) On Tue, 15 May 2001 20:21:52 +0200, you wrote:

>
>"TurkBear" <noone_at_nowhere.com> wrote in message
>news:5km2gt8s1f5j9kl9i719dl3q3s2a5cdgqf_at_4ax.com...
>> The database does the authentication ( or you can set it up to do OS
>> authentication ) at its end, not at the client...I believe, however, the
 SqlNet
>> transmits its login info ( username, password, servicename ) over the
 network in
>> clear text, so 'sniffers' may be able to see it..
>>
>> "Wanghin" <whtoh_at_deloitte.com.sg> wrote:
>>
>> >Hi,
>> >I was wondering how will installation of SQL*Net on the client affect the
>> >security of the access to the oracle database?
>> >
>> >Heard from someone that sql*net does not authenicate users when they try
 to
>> >connect from client side.
>> >
>> >thanks in advance.
>> >
>>
>
>Yeah, it does. But the Enterprise Edition comes with the Advanced Networking
>Option, which will allow you to encrypt *everything* (including your data),
>using various well-known protocols.
>So there shouldn't be any concern about sqlnet, provided you want to spend
>the $$.
>

*no* it doesn't. the passwords are *not* transmitted in clear text. this can be verified by setting the client trace level to 16 and seeing what is sent back and forth.

>Regards,
>
>Sybrand Bakker, Oracle DBA
>
>

--
Thomas Kyte (tkyte_at_us.oracle.com) Oracle Service Industries
Howtos and such: http://asktom.oracle.com/
Oracle Magazine: http://www.oracle.com/oramag
Opinions are mine and do not necessarily reflect those of Oracle Corp