Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Oracle password strength

Re: Oracle password strength

From: Piotr Kolodziej <pkol_at_otago.gda.pl>
Date: Mon, 1 Mar 1999 10:38:32 +0100
Message-ID: <7bdne3$ppd$1@korweta.task.gda.pl> 





Thomas Kyte wrote in message <36db5875.4192348_at_192.86.155.100>...


>you can develop a crack like program though to probe the userids.  there is


3'rd


>party software that does this (braintree sql secure for example).  You could


do


>it by creating another empty database and creating the users in it and


putting


>the contents of your dba_users table into another table (eg: in the new


>database, issue "create table user_passwords as select username, password


from


>dba_users_at_the_real_database").






I think that placing system tablespace and redo logs on RAM-disk would be
required to achieve performance. Opsss... only poorly acceptable.
Altering user causes recursive transaction. So number of password changes per
second is strongly limited by syncing redo during implicit commits
(up to several hundreds changes per second if hard disks are used). It is not
acceptable for password checking in case of many users.



--


Piotr Kolodziej pkol_at_otago.gda.pl


Just my private opinion.

Received on Mon Mar 01 1999 - 03:38:32 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US