Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.misc -> Re: capture oracle pwd change in 3rd party application. help needed
"Daniel Morgan" <damorgan_at_x.washington.edu> wrote in message news:1068245466.11957_at_yasure... Pete Finnigan wrote:
My objection is that it would take me a matter of minutes to make myself an account on anothermachine on which I had no permissions. It is a hacker's delight.
Hi Daniel,
I think there is another point to make here is that we are not implementing this but just discussing possible solutions without knowing the application or architecture, tools, requirements etc.... I would say that a script to synchronise password hash values should be run in a secure manner and also would not add new accounts, just synchronise old ones. I would also re-iterate this isn't the way to fix an issue like this, why does this application need to have synchronised access to two databases? and why isn't the manufacturer involved.
kind regards
Pete
My personal opinion? The person asking the question is trying to crack a database.
I've never seen an application with this architecture in 34 years in the business.
I'd really like to be wrong.
-- Daniel Morgan http://www.outreach.washington.edu/ext/certificates/oad/oad_crs.asp http://www.outreach.washington.edu/ext/certificates/aoa/aoa_crs.asp damorgan_at_x.washington.edu (replace 'x' with a 'u' to reply)--------------Actually one of the databases I manage runs on an application which doessomething similar (Not the synchronization .. but the way it creates application accounts ...by creating an Oracle account). The application being Bladerunner.If you ever get a chance .. run (really fast) away from it.:0)AnuragReceived on Fri Nov 07 2003 - 23:52:39 CST