Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.misc -> Re: Change password pl/sql?
"Daniel Morgan" <damorgan_at_x.washington.edu> wrote in message
news:1068795370.111161_at_yasure...
> Kirmo Uusitalo wrote:
> > Hi Pete,
> >
> > Thanks for this information. The use of sql*plus password command is
> > out as we need to implement this inside an application.
> >
> > To me it seems kind of silly that there is no API to calculate the
> > hash from the plaintext password.
> >
>
> You mean a function that would make it easy for crackers to break into
> Oracle databases? Ooooh sign me up. I want Oracle to make my databases
> easier to break into. Me first. Me first.
>
> Sarcasm aside ... surely you jest.
> --
Come on, Daniel, you really should read up a bit on security and hashing.
Having the hash function documented and available is no security threat at
all. In fact, it is standard practce in most other password schemes. The
real threat comes from "security through obscurity" as Ocacle is practizing
here.
regards,
rob van lopik
--- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.538 / Virus Database: 333 - Release Date: 12-11-2003Received on Fri Nov 14 2003 - 03:56:32 CST