Re: Interesting info about Oracle

TM wrote:

> "Volker Hetzer" <volker.hetzer_at_ieee.org> wrote in message news:<bd7dbs$ru3$1_at_dackel.pdb.sbs.de>...
>
> > I've heard that db2 passwords sit unencrypted in the first datafile
> > (unbelievable for me, so you want to check this).
>
> Yes, unbelievable. You've "heard" that from Noons. IMHO you should
> be more selective with your sources, since this is barely more
> accurate than his usual stuff. There is however a tiny grain of truth
> behind his outlandish claim, so I'll clarify...
>
> The file Noons is talking about is db2cli.ini, which is not a DB2 data
> file as you might just possibly guess from the name. What it *is* is
> the DB2 ODBC/CLI *client* (i.e. nothing to do with DB2 server at all)
> configuration file; the Oracle equivalent would be called odbc.ini I
> believe. Now in this file the DB2 client GUI will, if you make it,
> store your password, unencrypted, in the standard PWD field, just like
> the PWD field would contain Oracle ODBC user passwords unencrypted, if
> I'm not mistaken. Not a good idea perhaps, but not really Oracle or
> IBM's fault seeing that ODBC is a Microsoft standard.
>
> In point of fact, because the DB2 DBMS uses the server or client
> operating system to authenticate users, it has no need to store
> passwords.
>
> Hope this clears that up.
>
> TM

Put in other terms ... DB2 has no security unless one purhases Tivoli or other products in addition to the database.

[Quoted] Every product has its own strengths and weaknesses. If the point of what you are posting is to start a flame war
[Quoted] by all means repost at alt.test and everyone will join in.

--
Daniel Morgan
http://www.outreach.washington.edu/extinfo/certprog/oad/oad_crs.asp
damorgan_at_x.washington.edu
(replace 'x' with a 'u' to reply)