| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.tools -> Re: SQL*Net
This posting seems interesting. Since SQL net transmit clear text to the OS for authenication, is there any way to harden this?
"Sybrand Bakker" <postbus_at_sybrandb.demon.nl> wrote in message
news:tg2sq091igi574_at_beta-news.demon.nl...
>
> "TurkBear" <noone_at_nowhere.com> wrote in message
> news:5km2gt8s1f5j9kl9i719dl3q3s2a5cdgqf_at_4ax.com...
> > The database does the authentication ( or you can set it up to do OS
> > authentication ) at its end, not at the client...I believe, however, the
SqlNet
> > transmits its login info ( username, password, servicename ) over the
network in
> > clear text, so 'sniffers' may be able to see it..
> >
> > "Wanghin" <whtoh_at_deloitte.com.sg> wrote:
> >
> > >Hi,
> > >I was wondering how will installation of SQL*Net on the client affect
the
> > >security of the access to the oracle database?
> > >
> > >Heard from someone that sql*net does not authenicate users when they
try
to
> > >connect from client side.
> > >
> > >thanks in advance.
> > >
> >
>
> Yeah, it does. But the Enterprise Edition comes with the Advanced
Networking
> Option, which will allow you to encrypt *everything* (including your
data),
> using various well-known protocols.
> So there shouldn't be any concern about sqlnet, provided you want to spend
> the $$.
>
> Regards,
>
> Sybrand Bakker, Oracle DBA
>
>
>
Received on Thu May 17 2001 - 08:40:56 CDT
 |
 |