Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: Calculated passwords ?

Re: Calculated passwords ?

From: Andreas Koch <mail_at_kochandreas.com>
Date: Thu, 15 Aug 2002 21:32:09 +0200
Message-ID: <ajgvvo$3om$05$1@news.t-online.com> 





Daniel Morgan wrote:



> Gladly. Give me five seconds as SYS writing an AFTER LOGON trigger and I

> can render that a complete impossibility. I can force a single userid and

> password to only work with a single IP address using a single network

> protocol, using a single front-end appilcation, from a single named

> workstation. And lock them out of the database forever if they fail.




You can detect the front-end application? Whichever interface it
uses? That would be sufficient - any hints?




> And sniffing on a network looking for Oracle passwords will get you

> something ... but it will not get you the passwords.




No? As far as i know SQL*Net standard installation doesn't use
encryption, and there are frameworks to access oracle without
installing SQL*Net, too. I didn't try it, but why shouldn't you
recieve passwords in that cases?


-- 
                                                   Andreas
To boldly go where no sane person has gone before


Received on Thu Aug 15 2002 - 14:32:09 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US