Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: Change password pl/sql?

Re: Change password pl/sql?

From: Robert A.M. van Lopik <lopik_at_mail.telepac.pt>
Date: Fri, 14 Nov 2003 09:56:32 -0000
Message-ID: <bp29r4$1jl0nt$1@ID-191217.news.uni-berlin.de> 






"Daniel Morgan" <damorgan_at_x.washington.edu> wrote in message
news:1068795370.111161_at_yasure...


> Kirmo Uusitalo wrote:

> > Hi Pete,

> >

> > Thanks for this information. The use of sql*plus password command is

> > out as we need to implement this inside an application.

> >

> > To me it seems kind of silly that there is no API to calculate the

> > hash from the plaintext password.

> >

>

> You mean a function that would make it easy for crackers to break into

> Oracle databases? Ooooh sign me up. I want Oracle to make my databases

> easier to break into. Me first. Me first.

>

> Sarcasm aside ... surely you jest.

> -- 



Come on, Daniel, you really should read up a bit on security and hashing.
Having the hash function documented and available is no security threat at
all. In fact, it is standard practce in most other password schemes. The
real threat comes from "security through obscurity" as Ocacle is practizing
here.



regards,


rob van lopik



---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.538 / Virus Database: 333 - Release Date: 12-11-2003


Received on Fri Nov 14 2003 - 03:56:32 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US