Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: ORA_ENCRYPT_LOGIN

Re: ORA_ENCRYPT_LOGIN

From: Rick Wessman <Rick.Wessman_at_oracle.com>
Date: 23 Aug 2001 15:52:42 -0400
Message-ID: <socheuymu45.fsf@rwessman-pc.us.oracle.com>


You don't need to set ORA_ENCRYPT_LOGIN explicitly. Since your database is 8.1.7, the password is encrypted by default. It's only if you are running a very old database (7.2 or before) that you need to set the variable.

As to proving that the password is encrypted, enable Net8 tracing at level 16 and try the connection. You'll see the username (e.g. "Erik") in the data passed over, but the password will be encrypted.

If your security group is very concerned about the safety of the data, I would suggest that they buy the Advanced Security Option. That way, all of the data will be encrypted.

                                   Rick

ehudson_at_ieee.org (Erik Hudson) writes:

> I've got a question about a SQLJ application I'm writing that runs on
> NT and accesses an Oracle 8.1.7 database on a Sun. I want to make
> sure the password gets encrypted when making a connection to the
> database. On the server side, I've set DBLINK_ENCRYPT_LOGIN to true
> in the init.ora file. For the client, I'm trying to set the
> ORA_ENCRYPT_LOGIN variable to true. Can I set this in the properties
> variable that gets passed to the getConnection() method? If not, how
> do I set it?
>
> The next question: To prove this to the security people, is there a
> way to verify that it has been encrypted for a connection?
>
> Thanks for any help.
>
> Erik

-- 
                                Rick Wessman
                                Security Assurance Group
                                Oracle Corporation
                                Rick.Wessman_at_oracle.com

     The opinions expressed above are mine and do not necessarily reflect
                         those of Oracle Corporation.
Received on Thu Aug 23 2001 - 14:52:42 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US