Re: Calculated passwords ?

Daniel Morgan wrote:

> I don't say this to be insulting but it is readily apparent that your
> understanding of Oracle security is minimal.

I don't find it insulting. I am app developer and see oracle as a tool to store data and execute queries as i would see notepad.exe as a tool to edit texts :-)

> If Oracle's standard security is
> sufficient for NSA, FBI, CIA, NYSE, and almost every bank on the planet I am
> quite sure it will somehow manage to make it past your requirements

Well, i think their requirements are different from mine. Not that i could prove it, but i expect them to have things like admins to set up and maintain their oras ;-)

I on the other hand usually have a personal oracle or little server sitting on some NT box at the customer.

Saying that, i guess login security isn't THAT relevant in an scenario where the user can directly reach the database files ... hmm..

> Instead of spending your time with bubblegum and rubberbands spend the same
> time learning that which already exists.

Well, the security boost would probably be worth about 8 hours of learning. Any recommended good reading?

> When you understand roles, profiles, password verify functions, invited_nodes,
> excluded_nodes, AFTER LOGON triggers, and the rest of what is available you
> still think you have a security problem please let us know.

Ah thanks, i will read a bit of these keywords to check which of these are suitable to prevent a user with a valid user,role, on a valid PC, and knowning the password from last login from logging in again.

-- 
                                                   Andreas
To boldly go where no sane person has gone before