Re: capture oracle pwd change in 3rd party application. help needed
From: Daniel Morgan <damorgan_at_x.washington.edu>
Date: Fri, 07 Nov 2003 14:50:45 -0800
Message-ID: <1068245466.11957_at_yasure>
Pete Finnigan wrote:
I've never seen an application with this architecture in 34 years in the business.
I'd really like to be wrong.
Date: Fri, 07 Nov 2003 14:50:45 -0800
Message-ID: <1068245466.11957_at_yasure>
My personal opinion? The person asking the question is trying to crack a database.My objection is that it would take me a matter of minutes tomake myself an account on another machine on which I had no permissions. It is a hacker's delight.Hi Daniel, I think there is another point to make here is that we are not implementing this but just discussing possible solutions without knowing the application or architecture, tools, requirements etc.... I would say that a script to synchronise password hash values should be run in a secure manner and also would not add new accounts, just synchronise old ones. I would also re-iterate this isn't the way to fix an issue like this, why does this application need to have synchronised access to two databases? and why isn't the manufacturer involved. kind regards Pete
I've never seen an application with this architecture in 34 years in the business.
I'd really like to be wrong.
-- Daniel Morgan http://www.outreach.washington.edu/ext/certificates/oad/oad_crs.asp http://www.outreach.washington.edu/ext/certificates/aoa/aoa_crs.asp damorgan_at_x.washington.edu (replace 'x' with a 'u' to reply)Received on Fri Nov 07 2003 - 23:50:45 CET