Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: password encryption during password change

Re: password encryption during password change

From: Howard J. Rogers <hjr_at_dizwell.com>
Date: Thu, 5 Feb 2004 18:27:49 +1100
Message-ID: <4021f076$0$5862$afc38c87@news.optusnet.com.au> 






"Joe" <nospam_at_joekaz.net> wrote in message
news:b9c56449.0402030517.143ee940_at_posting.google.com...


> Oracle encrypts passwords during the login process,




It doesn't actually. It hashes them, not encrypts them. A picky distinction,
I suppose. But true.



>but I'm looking

> into what happens during a password change.   No one at our site uses

> the sqlplus PASSWORD command, all changes are done using utilities

> which issue the ALTER USER IDENTIFIED BY statement.   So I believe

> that goes out over the network as plain text just as any other sql

> statement.

>

> Does anyone have any thoughts on how to make this more secure?  A few

> complicated solutions come to mind, but I can't think of a simple one

> - hopefully I'm missing something obvious?




Oracle has extensive support for true encryption technologies (RSA, DES,
3DES etc etc). They'll cost you, but are available as part of advanced
networking. Configured in the sqlnet.ora.



Regards


HJR


-- 
------------------------------------
Oracle insights at www.dizwell.com
------------------------------------


Received on Thu Feb 05 2004 - 01:27:49 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US