
Re: Securing isqlplus

From: Daniel Morgan <damorgan_at_exxesolutions.com>
Date: Wed, 21 May 2003 14:10:51 -0700
Message-ID: <3ECBEB5B.4BFDB07C@exxesolutions.com>


Frank wrote:

> Alison Holloway wrote:
> > Thanks Daniel. I answered Chuck in a separate email, but just for the
> > benefit of everyone reading this newsgroup, here was my answer.
> >
> > You need to set up SSL (HTTPS) to secure iSQL*Plus. When you install
> > iSQL*Plus out of the box, all passwords are transmitted over HTTP,
> > unencrypted. You may not see the passwords in the URL, but they are
> > there if you look at the HTTP transmission as they are sent with a POST
> > command. This is a limitation of HTTP.
> >
> > Oracle strongly suggests setting up SSL if you want to secure iSQL*Plus.
> > This is the primary reason that we do not enable the iSQL*Plus DBA URL
> > by default. We could not set up SSL out of the box as you need to use
> > your own certificate.
> >
> > I hope this helps.
> >
> > Alison
> >
> > Daniel Morgan wrote:
> >
> >
> > <snip>
> >
> >> You read correctly but interpret incorrectly.
> >>
> >> All iSQL*Plus connections are secure. Oracle does not expose passwords
> >> except for one type of database link.
> >>
> >> If you have specific questions I would suggest that you address them to:
> >> alison.holloway_at_oracle.com
> >>
> >> There is no more qualified person on the planet when it comes to
> >> iSQL*Plus.
> >> --
> >> Daniel Morgan
> >> http://www.outreach.washington.edu/extinfo/certprog/oad/oad_crs.asp
> >> damorgan_at_x.washington.edu
> >> (replace 'x' with a 'u' to reply)
> >>
> >>
> >
>
> Sorry - you don't need a Verisign certificate to use SSL.
> 9iAS comes with an Oracle Demo certificate, which will encrypt
> data sent just as well.
> If you insist on a certificate, you can generate your own. All
> Verisign will add is the 'proof' you are actually talking to
> a server from ... yourself (c.q. your company).
>
> As a side comment: don't use Verisign certificates in a Java
> environment (I've had some 'problems' with Portal/SSO in https
> mode...), as the certificates are not complete. That is, the
> certificates point to other ones, that come pre-installed in
> many browsers. No good for a Java-based environment...
> --
> Regards, Frank van Bortel

Another nightmare Oracle should pre-empt by thinking ahead.

The way things currently seem, the only beneficiaries will be the ones paid to handle support calls and competitors.

--
Daniel Morgan
http://www.outreach.washington.edu/extinfo/certprog/oad/oad_crs.asp
damorgan_at_x.washington.edu
(replace 'x' with a 'u' to reply)
Received on Wed May 21 2003 - 16:10:51 CDT
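
The point quoted above about POST, as an added example that is not part of the original thread: a small audit helper that parses a captured HTTP request and reports where password-like form fields are readable on the wire. The sample request, host, path, field names and the `over_tls` flag are constructed assumptions, not iSQL*Plus's actual form.

```python
from urllib.parse import parse_qsl, urlsplit

# Constructed capture of a plain-HTTP login POST. Host, path and field
# names are made up for illustration; they are not iSQL*Plus's own.
SAMPLE_REQUEST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: db.example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 47\r\n"
    b"\r\n"
    b"username=scott&password=t%21ger&connect_id=orcl"
)

SENSITIVE_HINTS = ("pass", "pwd", "secret")  # assumed naming heuristic


def parse_request(raw):
    """Split a raw HTTP/1.x request into method, target, headers, body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def sensitive_fields(query_string):
    """Names (never values) of form fields that look like credentials."""
    pairs = parse_qsl(query_string, keep_blank_values=True)
    return [n for n, _ in pairs if any(h in n.lower() for h in SENSITIVE_HINTS)]


def exposed_credentials(raw, over_tls=False):
    """List (location, field) pairs readable by anyone on the network path."""
    if over_tls:
        return []  # URL, headers and body all travel inside the TLS session
    method, target, headers, body = parse_request(raw)
    found = [("url", n) for n in sensitive_fields(urlsplit(target).query)]
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if method == "POST" and ctype == "application/x-www-form-urlencoded":
        found += [("body", n) for n in sensitive_fields(body.decode("iso-8859-1"))]
    return found


if __name__ == "__main__":
    print(exposed_credentials(SAMPLE_REQUEST))                 # [('body', 'password')]
    print(exposed_credentials(SAMPLE_REQUEST, over_tls=True))  # []
```

The sample's request line carries no password, yet the field is still reported under `body`, which is the distinction the quoted explanation draws between the URL and the HTTP transmission.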
