Fun facts about Oracle security

From: Maxim Anisiutkin <manisiutkin_at_grtcorp.com>
Date: 1 Mar 2002 07:08:16 -0800
Message-ID: <71ce14f2.0203010708.16340a1f_at_posting.google.com>

Hi,

Maybe, it's well-known, but:

If you create users where username and password are got as left and right part of some particular string ("userpassword", for example):

create user userpa identified by ssword; create user userpass identified by word;

you'll see the equivalent password hashes:

USERNAME                       PASSWORD
------------------------------ ------------------------------
USERPA                         342C0CF1DDCAD9F3
USERPASS                       342C0CF1DDCAD9F3

2. SQL*Net password's "challenge" request seems to be random at the first look, but it isn't. It'll repeat every 24 hours for each millisecond for each particular user.

Maxim. Received on Fri Mar 01 2002 - 16:08:16 CET

This message: [ Message body ]
Next message: Ivan: "password policy and ORA-28007: the password cannot be reused"
Previous message: Julie Larson: "Anyone using Mainsoft Mainwin, OCI and Merant ODBC??"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message