Re: Client's access to Oracle's passwords

From: frank <fbortel_at_home.nl>
Date: Mon, 30 Oct 2000 20:59:32 GMT
Message-ID: <39FDD0C4.F84B3475_at_home.nl>

Ever did plus33 scott/tiger_at_demo?
The passwd is clear text! Any job listing (ps, mon, etc) would be able to grasp it.

Waiting for the logon (plus33), or password prompt (plus33 scott) would not send it cleartext AFAIK, possibly encrypted (Kerberos or 2 others - see SQL*Net mnl).

Frank
BTW Never use Oracle for military, nuclear, medical or other mission critical system
- standard Oracle disclaimer (!)

gd_souza_at_hotmail.com wrote:

> ---------------------------------------
> Here is a question -
>
> 1. Client application connects to Oracle database via a SQL*Net call.
>
> 2. Can the user-ID and password passed on to the database by the client
> by captured by any of utilities?
>
> I have heard that turning SQL tracing on would capture the password?
> Is that true - if so, what parameter in which needs to be modified to
> prevent the capture?
>
> All help will be most appreciated.
>
> - Grank
> --------------------------------------
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
Received on Mon Oct 30 2000 - 21:59:32 CET

This message: [ Message body ]
Next message: Stephan Langer: "Re: Bizarre Delete"
In reply to gd_souza_at_hotmail.com: "Client's access to Oracle's passwords"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message