Disable Net8 backward compatibility?

From: Allen Kistler <ackistler_at_yahoo.com>
Date: 14 Dec 2001 13:08:47 -0800
Message-ID: <9e3d4fab.0112141308.7a042837_at_posting.google.com>

Net8 is backwardly compatible with SQLnet 2.0.14 and later.

Passwords are encrypted during authentication interchanges beginning with SQLnet 2.1 (Oracle 7.1).

I have found some discussion in Usenet that the MS-supplied Oracle ODBC driver may use SQLnet 2.0 (probably the minimum required 2.0.14), hence no password encryption, even with the ORA_ENCRYPT_LOGIN environment variable defined, since only the genuine Oracle client looks at the environment variable.

Is there any way to disable Net8's backward compatibility, so that logins with unencrypted passwords from SQLnet 2.0 clients are denied? The idea is to enforce encrypted logins, no matter how the clients are configured. Maybe we can't stop someone from configuring their client not to send encrypted passwords, but if they do, we'd like to deny them access.

Using Oracle ASO to encrypt the whole session is not an option. We're using Oracle 8i right now. It will probably be another year before we go to 9i, if that matters. Received on Fri Dec 14 2001 - 22:08:47 CET

This message: [ Message body ]
Next message: pablo: "BLOB"
Previous message: Shawn Bisgrove: "Re: Oracle Spatial Oracle Label Security"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message