| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: Adding some random characters to Oracle password
"Kirmo Uusitalo" <kirmo.uusitalo.no.spam_at_iki.fi> wrote in message
news:jmlbo0lrrlgk48kfl44qfmdc684ma993v9_at_4ax.com...
> On Sat, 30 Oct 2004 23:37:36 +1000, "Howard J. Rogers"
> <hjr_at_dizwell.com> wrote:
>
>>Paper written as promised. It doesn't assume all that you asked for about
>>the VPN and so on. But it does a 'are you using an authorised program?'
>>check. It's a worked example: starts simple, the problems show up, we get
>>subtler.
>>
>>You might find it of interest, anyway.
>>
>>http://www.dizwell.com/html/secure_application_roles.html
>>
>>Regards
>>HJR
>
> I read your paper. It is a well written and thought document.
>
> One question came to my mind:
> Where does the Progname actually derive?
>
> If it is just the OS executable name couldn't a hacker could just do
>
> c:\oracle\bin\> rename sqlplus.exe isqlplus.exe
>
> to bypass the fine security measures you have just created?
>
> Regards,
>
> Kirmo Uusitalo
Excellent question. You realise it will require some testing and research won't you!? (In other words, I'll get back to you on that one!!). But it will appear as a new paragraph at the end of the existing paper, because it's such a good issue to address.
It is because people ask good questions that we (together) learn good stuff.
Regards
HJR
Received on Mon Nov 01 2004 - 01:20:13 CST
 |
 |