Re: Adding some random characters to Oracle password

>Excellent question. You realise it will require some testing and research
>won't you!? (In other words, I'll get back to you on that one!!).
>But it will appear as a new paragraph at the end of the existing paper,
>because it's such a good issue to address.
>
>It is because people ask good questions that we (together) learn good stuff.
>
>Regards
>HJR

Hi Howard,

I answered this question over a year ago in relation to SQL*Plus in my newsletter http://www.petefinnigan.com/news_letter_001.pdf - In there I renamed the SQL*Plus binary on the client and on the server and the values in v$session did not change. In other words Oracle networking still knew it was SQL*Plus even though the binary is now called "hacker". I guess this is because SQL*Plus identifies itself internally to the network stack. I don't know if the same will work if you use a third party application unless that application uses dbms_application_info to set up values.

hth

Kind regards

Pete

-- 
Pete Finnigan (email:pete_at_petefinnigan.com)
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.