Re: Security Problems of using Pro-C

From: Ian Parkin <iparkin_at_lssec.bt.co.uk>
Date: 17 Jan 94 10:52:42 GMT
Message-ID: <1994Jan17.105241.5613_at_lssec.bt.co.uk>

>How safe is this: have the Pro*C application simply send "/" and use OS
>authentication on the person running the program. That way, at least the
>passwords aren't around for all to see. I'm sure there's some other problem,
>but at least then it's at least as secure as the OS under it (hehehehe...).
>Any experienced Oracle-dudes out there know the relative merits of this idea?

As you said as secure as the OS itself. In the case of non-shadow Unix this means that your encrypted password is on public display and any number of programs are available to crack it.

I guess it all depends on your level of paranoia whether you consider OPS$ accounts secure enough for your application or not.

IAP Received on Mon Jan 17 1994 - 11:52:42 CET

This message: [ Message body ]
Next message: Kevin Neel: "Re: Security Problems of using Pro-C"
Previous message: Willard Dawson: "Re: Net Bandwith: X-Server vs PC Client/Server"
In reply to: Alex Lind: "Re: Security Problems of using Pro-C"
In reply to Alex Lind: "Re: Security Problems of using Pro-C"
Next in thread: Kevin Neel: "Re: Security Problems of using Pro-C"
Reply: Kevin Neel: "Re: Security Problems of using Pro-C"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message