Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Hacking An Oracle Session : Is It Possible?
Aakash wrote:
> Thanks for the response, i am asking this just to get an security
> perspective, a group of colleagues were disscussing about this when we
> came upto this point,
> most of us were of the opinion that its not possible. hence i thot i
> wud put it up here to get views from all over.
>
> the actual disscussion was like " if an sql*plus session is in
> progress, can anyone get into the active sql*plus session and play
> around with the transactions happening, without know the
> username/passwd being used by the session"
>
> thanks again, any more view will be appreciated.
>
>
> Hans Forbrich <forbrich_at_yahoo.net> wrote in message news:<6Dbpc.8769$j6.8739_at_edtnps84>...
>
>>Aakash wrote: >> >> >>>hello everyone, >>> >>>after a client machine,say SQL*Plus, establishes a session with the >>>oracle database , is it possible to intrude into the established >>>session? i.e is it possible to get into the session layer of the >>>oracle session? is oracle vulnerable to such an hacking? >> >>Not if your network is protected. >> >>Very very difficult if your network is open and sniffable. >> >>You might want to look at http://www.petefinnigan.com for a gernreal >>discussion of Oracle security. >> >>/Hans
It is extremely easy to make sqlnet connections encrypted. Merely requires one or two entries in the network configuration files on client and server, and you're done. uid/password are then encrypted as well.
-- Regards, Frank van BortelReceived on Sat May 15 2004 - 06:53:36 CDT