Re: Oracle characterset confusion when storing encoded passwords

From: Noons <>
Date: Tue, 5 Feb 2008 22:04:50 -0800 (PST)
Message-ID: <>

On Feb 5, 9:02 pm, 151 <> wrote:

> I was slightly wrong in my description in that the password is sent in
> the clear (!) to the DB at "user registration time" and then the DB

YeGawds! I hope that app server is not in a DMZ and the db server in an Intranet, otherwise that just about lets any hacker get those passwords cleanly and easily... Received on Wed Feb 06 2008 - 00:04:50 CST

Original text of this message