Re: ops$ logins from both secure and nonsecure clients with same username

From: Bill Manry - Oracle Corporation <bmanry_at_upsizeme.us.oracle.com>
Date: 1996/08/05
Message-ID: <4u5uhs$hol_at_inet-nntp-gw-1.us.oracle.com>#1/1

Mark Citron (mcitron_at_hsc.usc.edu) wrote:
>I dont think that is what I am asking. I just want to know how Oracle
>knows whether whether my client system is secure or not. If it believes
>it is secure it should let me login. If is believes it is not it should
>ask for a password. How does it know what windows is not secure?

It doesn't. The client's system or platform is identified in the datastream sent to the server during initial connection and of course that can be fabricated by anyone who knows how to get a network trace and can code a sockets application. The bigger issue is not whether the client system is secure...it's the network that is the problem. Absent special facilities (usually involving additional hardware), Oracle cannot assume that what the client sends is "the truth".

--
Bill Manry  -  Mainframe and Integration Technologies  -  Oracle Corporation
These are my opinions, not necessarily Oracle's.

Received on Mon Aug 05 1996 - 00:00:00 CEST

This message: [ Message body ]
Next message: Barry Johnson: "Re: ops$ logins from both secure and nonsecure clients with same username"
Previous message: Richard Lloyd: "Re: How to find out what version of Oracle you have ?"
Maybe in reply to: Mark Citron: "ops$ logins from both secure and nonsecure clients with same username"
Next in thread: Barry Johnson: "Re: ops$ logins from both secure and nonsecure clients with same username"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message