Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: How database passwords can tranmit via network...

Re: How database passwords can tranmit via network...

From: Billy <vslabs_at_onwe.co.za>
Date: 2 Aug 2005 23:23:06 -0700
Message-ID: <1123050186.891750.42370@g43g2000cwa.googlegroups.com> 





Maxim Demenko wrote:



> In addition, despite the login will be encrypted per default, the sql

> itself will not, also such statements as "create user ... identified by

> ..." or "alter user ... identified by ..." can be easily captured with

> tcpdump or ethereal, so Net8 over ssl maybe a simpliest but very

> effective way to secure your traffic. Another option could be ASO/ANO.




Agree. But that is not always that easy to get done. Been trying to get
ssh to be used as default for all Unix access, but it is a problem on
Windows platforms (so I'm told) and thus its not official policy from
the IT Security group. So we still have loads of unecrypted root
passwords traveling merrily up and down the corporate network.



Running Linux and using ssh tunnels extensively, I could not really
care.



Of course, the IT Security group have all Windows platforms locked down
to such an extent that users cannot even select their wallpaper. Which
is of course of critical importance as it must be a company (and
politically) correct wallpaper. Screw the unencrypted network traffic.



Security these days is not about protecting the userbase. It's about
creating a prohibitive and restrictive environment to controll the
actions of the userbase. Which is just plain old fashioned bullshit.


--
Billy


Received on Wed Aug 03 2005 - 01:23:06 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US