Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> password encryption during password change
Oracle encrypts passwords during the login process, but I'm looking
into what happens during a password change. No one at our site uses
the sqlplus PASSWORD command, all changes are done using utilities
which issue the ALTER USER IDENTIFIED BY statement. So I believe
that goes out over the network as plain text just as any other sql
statement.
Does anyone have any thoughts on how to make this more secure? A few complicated solutions come to mind, but I can't think of a simple one - hopefully I'm missing something obvious?
-- Joe http://www.cafeshops.com/joekaz http://www.joekaz.netReceived on Tue Feb 03 2004 - 07:17:54 CST