Re: Interesting info about Oracle

TM wrote:

> "Volker Hetzer" <volker.hetzer_at_ieee.org> wrote in message news:<bd7dbs$ru3$1_at_dackel.pdb.sbs.de>...
>
> > I've heard that db2 passwords sit unencrypted in the first datafile
> > (unbelievable for me, so you want to check this).
>
> Yes, unbelievable. You've "heard" that from Noons. IMHO you should
> be more selective with your sources, since this is barely more
> accurate than his usual stuff. There is however a tiny grain of truth
> behind his outlandish claim, so I'll clarify...
>
> The file Noons is talking about is db2cli.ini, which is not a DB2 data
> file as you might just possibly guess from the name. What it *is* is
> the DB2 ODBC/CLI *client* (i.e. nothing to do with DB2 server at all)
> configuration file; the Oracle equivalent would be called odbc.ini I
> believe. Now in this file the DB2 client GUI will, if you make it,
> store your password, unencrypted, in the standard PWD field, just like
> the PWD field would contain Oracle ODBC user passwords unencrypted, if
> I'm not mistaken. Not a good idea perhaps, but not really Oracle or
> IBM's fault seeing that ODBC is a Microsoft standard.
>
> In point of fact, because the DB2 DBMS uses the server or client
> operating system to authenticate users, it has no need to store
> passwords.
>
> Hope this clears that up.
>
> TM

Put in other terms ... DB2 has no security unless one purhases Tivoli or other products in addition to the database.

Every product has its own strengths and weaknesses. If the point of what you are posting is to start a flame war
by all means repost at alt.test and everyone will join in.

--
Daniel Morgan
http://www.outreach.washington.edu/extinfo/certprog/oad/oad_crs.asp
damorgan_at_x.washington.edu
(replace 'x' with a 'u' to reply)