Re: Interesting info about Oracle

"Volker Hetzer" <volker.hetzer_at_ieee.org> wrote in message news:<bd7dbs$ru3$1_at_dackel.pdb.sbs.de>...

> I've heard that db2 passwords sit unencrypted in the first datafile
> (unbelievable for me, so you want to check this).

[Quoted] Yes, unbelievable. You've "heard" that from Noons. IMHO you should [Quoted] be more selective with your sources, since this is barely more [Quoted] accurate than his usual stuff. There is however a tiny grain of truth behind his outlandish claim, so I'll clarify...

The file Noons is talking about is db2cli.ini, which is not a DB2 data file as you might just possibly guess from the name. What it *is* is the DB2 ODBC/CLI *client* (i.e. nothing to do with DB2 server at all) configuration file; the Oracle equivalent would be called odbc.ini I believe. Now in this file the DB2 client GUI will, if you make it, store your password, unencrypted, in the standard PWD field, just like [Quoted] the PWD field would contain Oracle ODBC user passwords unencrypted, if [Quoted] I'm not mistaken. Not a good idea perhaps, but not really Oracle or IBM's fault seeing that ODBC is a Microsoft standard.

[Quoted] In point of fact, because the DB2 DBMS uses the server or client operating system to authenticate users, it has no need to store passwords.

Hope this clears that up.

TM Received on Tue Jun 24 2003 - 00:11:11 CEST