Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: capture oracle pwd change in 3rd party application. help needed

Re: capture oracle pwd change in 3rd party application. help needed

From: Anurag Varma <avarmadba.skipthis_at_yahoo.com>
Date: Sat, 08 Nov 2003 05:52:39 GMT
Message-ID: <Hw%qb.5449$y95.2709@nwrdny01.gnilink.net>

  "Daniel Morgan" <damorgan_at_x.washington.edu> wrote in message news:1068245466.11957_at_yasure...   Pete Finnigan wrote:

        My objection is that it would take me a matter of minutes to 
         make myself an account on another 
   machine on which I had no permissions. It is a hacker's delight.     

Hi Daniel,

I think there is another point to make here is that we are not implementing this but just discussing possible solutions without knowing the application or architecture, tools, requirements etc.... I would say that a script to synchronise password hash values should be run in a secure manner and also would not add new accounts, just synchronise old ones. I would also re-iterate this isn't the way to fix an issue like this, why does this application need to have synchronised access to two databases? and why isn't the manufacturer involved.

kind regards

Pete
  My personal opinion? The person asking the question is trying to crack a database.   I've never seen an application with this architecture in 34 years in the business.

  I'd really like to be wrong.

-- 
Daniel Morgan
http://www.outreach.washington.edu/ext/certificates/oad/oad_crs.asp
http://www.outreach.washington.edu/ext/certificates/aoa/aoa_crs.asp
damorgan_at_x.washington.edu
(replace 'x' with a 'u' to reply)--------------Actually one of the databases I manage runs on an application which doessomething similar (Not the synchronization .. but the way it creates application accounts ...by creating an Oracle account). The application being Bladerunner.If you ever get a chance .. run (really fast) away from it.:0)Anurag
Received on Fri Nov 07 2003 - 23:52:39 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US