Re: Securing isqlplus
Thanks Daniel. I answered Chuck in a separate email, but just for the benefit of everyone reading this newsgroup, here was my answer.
You need to set up SSL (HTTPS) to secure iSQL*Plus. When you install iSQL*Plus out of the box, all passwords are transmitted over HTTP, unencrypted. You may not see the passwords in the URL, but they are there if you look at the HTTP transmission as they are sent with a POST command. This is a limitation of HTTP.
Oracle strongly suggests setting up SSL if you want to secure iSQL*Plus. This is the primary reason that we do not enable the iSQL*Plus DBA URL by default. We could not set up SSL out of the box as you need to use your own certificate.
I hope this helps.
Alison
Daniel Morgan wrote:
<snip>
> You read correctly but interpret incorrectly.
>
> All iSQL*Plus connections are secure. Oracle does not expose passwords
> except for one type of database link.
>
> If you have specific questions I would suggest that you address them to:
> alison.holloway_at_oracle.com
>
> There is no more qualified person on the planet when it comes to iSQL*Plus.
> --
> Daniel Morgan
> http://www.outreach.washington.edu/extinfo/certprog/oad/oad_crs.asp
> damorgan_at_x.washington.edu
> (replace 'x' with a 'u' to reply)
>
>
Received on Mon May 19 2003 - 03:34:47 CDT
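The point made in the reply above, that a POST keeps the password out of the URL but not off the wire unless the transport is HTTPS, can be checked mechanically against a login page. The Python sketch below is an added example, not part of the original thread and not Oracle code; the host name, path and form field names in the sample are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class _FormScanner(HTMLParser):
    """Collects each <form> with its method, action and password field names."""
    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"method": (a.get("method") or "get").lower(),
                             "action": a.get("action") or "",
                             "password_fields": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "password":
                self._current["password_fields"].append(a.get("name") or "")

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def audit_login_forms(page_url, html):
    """Return one finding per form that carries a password field."""
    scanner = _FormScanner()
    scanner.feed(html)
    findings = []
    for form in scanner.forms:
        if not form["password_fields"]:
            continue
        # A relative or empty action is resolved against the page URL.
        target = urljoin(page_url, form["action"])
        findings.append({
            "target": target,
            "method": form["method"],
            "in_url": form["method"] == "get",  # GET puts fields in the query string
            "cleartext": urlsplit(target).scheme != "https",  # no TLS on the wire
        })
    return findings

# Constructed sample page; host, path and field names are hypothetical.
SAMPLE_URL = "http://db.example.com/isqlplus"
SAMPLE_HTML = ('<form method="POST" action="login"><input type="text" name="username">'
               '<input type="password" name="password"></form>')
```

For the constructed sample, the finding reports `in_url` false and `cleartext` true: the password is absent from the URL yet still sent unencrypted, which is the case SSL is meant to close.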