| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.misc -> Re: Calculated passwords ?
Andreas Koch wrote:
> Daniel Morgan wrote:
>
> > Gladly. Give me five seconds as SYS writing an AFTER LOGON trigger and I
> > can render that a complete impossibility. I can force a single userid and
> > password to only work with a single IP address using a single network
> > protocol, using a single front-end appilcation, from a single named
> > workstation. And lock them out of the database forever if they fail.
>
> You can detect the front-end application? Whichever interface it
> uses? That would be sufficient - any hints?
>
> > And sniffing on a network looking for Oracle passwords will get you
> > something ... but it will not get you the passwords.
>
> No? As far as i know SQL*Net standard installation doesn't use
> encryption, and there are frameworks to access oracle without
> installing SQL*Net, too. I didn't try it, but why shouldn't you
> recieve passwords in that cases?
>
> --
> Andreas
> To boldly go where no sane person has gone before
Try both sanity and Oracle's most basic architecture documents.
Then search for "Password Encryption"
Daniel Morgan Received on Thu Aug 15 2002 - 17:58:54 CDT
 |
 |