password encryption during password change

From: Joe <nospam_at_joekaz.net>
Date: 3 Feb 2004 05:17:54 -0800
Message-ID: <b9c56449.0402030517.143ee940@posting.google.com>

Oracle encrypts passwords during the login process, but I'm looking into what happens during a password change. No one at our site uses the sqlplus PASSWORD command, all changes are done using utilities which issue the ALTER USER IDENTIFIED BY statement. So I believe that goes out over the network as plain text just as any other sql statement.

Does anyone have any thoughts on how to make this more secure? A few complicated solutions come to mind, but I can't think of a simple one - hopefully I'm missing something obvious?

-- 
Joe
http://www.cafeshops.com/joekaz
http://www.joekaz.net

Received on Tue Feb 03 2004 - 07:17:54 CST

This message: [ Message body ]
Next message: Ofer: "XML loader"
Previous message: Stephan Bressler: "Re: Limit multiple sessions for one user"
Next in thread: Daniel Morgan: "Re: password encryption during password change"
Reply: Daniel Morgan: "Re: password encryption during password change"
Reply: Pete Finnigan: "Re: password encryption during password change"
Reply: Sybrand Bakker: "Re: password encryption during password change"
Reply: Howard J. Rogers: "Re: password encryption during password change"
Reply: Howard J. Rogers: "Re: password encryption during password change"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US