Re: Help with Security Issues

From: Lee E Parsons <lparsons_at_world.std.com>
Date: Thu, 12 May 1994 23:28:52 GMT
Message-ID: <CppqK5.AF0_at_world.std.com>


Glenn_at_wplace.demon.co.uk writes:
>In article <T3zpj0$C7EeB063yn_at_tdkt.mn.org>
> choang_at_tdkt.mn.org "Carl Hoang" writes:
>
>:I need some help/hints in security of the transactions between the Server
>:and Clients. The transactions will have UserID and Password. I don't
>:know how to hide these things from the "LAN Packet Sniffers". These
>:transactions are going to update Oracle database server. It's like this:
>.. deleted
>
>You can use OPS$ usernames, in which case you just pass / instead of
>a username/password.

Of course, if he is worried about people reading his password/username off of the wire, then he should be REALLY worried about allowing OPS$ logins to his database.

At least the people most likely to know that you can easily get passwords off the ether are not likely to know exactly how to use them when they get them. An OPS$ hole could be exploited by a (GAG!) business analyst who knows what to do in the app once she gets in.

Isn't there a hardware solution here? Doesn't somebody make a black box that sits on your workstation and encrypts on the fly? Of course if you do solve this via software let us know. You'll have a marketable product.

-- 
Regards, 

Lee E. Parsons                  		
Systems Oracle DBA	 			lparsons_at_world.std.com
Received on Fri May 13 1994 - 01:28:52 CEST
