Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Adding some random characters to Oracle password

Re: Adding some random characters to Oracle password

From: Kirmo Uusitalo <kirmo.uusitalo.no.spam_at_iki.fi>
Date: Mon, 01 Nov 2004 08:31:35 +0200
Message-ID: <jmlbo0lrrlgk48kfl44qfmdc684ma993v9@4ax.com> 





On Sat, 30 Oct 2004 23:37:36 +1000, "Howard J. Rogers"
<hjr_at_dizwell.com> wrote:



>Paper written as promised. It doesn't assume all that you asked for about

>the VPN and so on. But it does a 'are you using an authorised program?'

>check. It's a worked example: starts simple, the problems show up, we get

>subtler.

>

>You might find it of interest, anyway.

>

>http://www.dizwell.com/html/secure_application_roles.html

>

>Regards

>HJR



I read your paper. It is a well written and thought document. 



One question came to my mind:


Where does the Progname actually derive?



If it is just the OS executable name couldn't a hacker could just do



c:\oracle\bin\> rename sqlplus.exe isqlplus.exe



to bypass the fine security measures you have just created?



Regards,



Kirmo Uusitalo
Received on Mon Nov 01 2004 - 00:31:35 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US