| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.misc -> Re: capture oracle pwd change in 3rd party application. help needed
Anurag Varma wrote:
>
>
> "Daniel Morgan" <damorgan_at_x.washington.edu
> <mailto:damorgan_at_x.washington.edu>> wrote in message
> news:1068245466.11957_at_yasure...
> Pete Finnigan wrote:
>
>>>> My objection is that it would take me a matter of minutes to
>>>>
>>>>
>>> make myself an account on another
>>> machine on which I had no permissions. It is a hacker's delight.
>>>
>>>
>>
>>Hi Daniel,
>>
>>I think there is another point to make here is that we are not
>>implementing this but just discussing possible solutions without knowing
>>the application or architecture, tools, requirements etc.... I would say
>>that a script to synchronise password hash values should be run in a
>>secure manner and also would not add new accounts, just synchronise old
>>ones. I would also re-iterate this isn't the way to fix an issue like
>>this, why does this application need to have synchronised access to two
>>databases? and why isn't the manufacturer involved.
>>
>>kind regards
>>
>>Pete
>>
>>
> My personal opinion? The person asking the question is trying to
> crack a database.
> I've never seen an application with this architecture in 34 years
> in the business.
>
> I'd really like to be wrong.
>
>--
>Daniel Morgan
>http://www.outreach.washington.edu/ext/certificates/oad/oad_crs.asp
>http://www.outreach.washington.edu/ext/certificates/aoa/aoa_crs.asp
>damorgan_at_x.washington.edu
>(replace 'x' with a 'u' to reply)
>
>--------------
>
>Actually one of the databases I manage runs on an application which does
>
>something similar (Not the synchronization .. but the way it creates application accounts ...
>
>by creating an Oracle account). The application being Bladerunner.
>
>If you ever get a chance .. run (really fast) away from it.
>
>:0)
>
>Anurag
>
>
>
I'll do that.
BTW: I've tried to email you off-line and failed. Please send me your actual email address off-line. Thanks.
-- Daniel Morgan http://www.outreach.washington.edu/ext/certificates/oad/oad_crs.asp http://www.outreach.washington.edu/ext/certificates/aoa/aoa_crs.asp damorgan_at_x.washington.edu (replace 'x' with a 'u' to reply)Received on Sat Nov 08 2003 - 11:10:10 CST
 |
 |