Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.tools -> Re: SQL*Net

Re: SQL*Net

From: Max7 <joan_toh_at_hotmail.com>
Date: Thu, 17 May 2001 21:40:56 +0800
Message-ID: <9e0keu$cci$1@dahlia.singnet.com.sg>

This posting seems interesting. Since SQL net transmit clear text to the OS for authenication, is there any way to harden this?

"Sybrand Bakker" <postbus_at_sybrandb.demon.nl> wrote in message news:tg2sq091igi574_at_beta-news.demon.nl...
>
> "TurkBear" <noone_at_nowhere.com> wrote in message
> news:5km2gt8s1f5j9kl9i719dl3q3s2a5cdgqf_at_4ax.com...
> > The database does the authentication ( or you can set it up to do OS
> > authentication ) at its end, not at the client...I believe, however, the
 SqlNet
> > transmits its login info ( username, password, servicename ) over the
 network in
> > clear text, so 'sniffers' may be able to see it..
> >
> > "Wanghin" <whtoh_at_deloitte.com.sg> wrote:
> >
> > >Hi,
> > >I was wondering how will installation of SQL*Net on the client affect
 the
> > >security of the access to the oracle database?
> > >
> > >Heard from someone that sql*net does not authenicate users when they
 try
 to
> > >connect from client side.
> > >
> > >thanks in advance.
> > >
> >
>
> Yeah, it does. But the Enterprise Edition comes with the Advanced
 Networking
> Option, which will allow you to encrypt *everything* (including your
 data),
> using various well-known protocols.
> So there shouldn't be any concern about sqlnet, provided you want to spend
> the $$.
>
> Regards,
>
> Sybrand Bakker, Oracle DBA
>
>
>
Received on Thu May 17 2001 - 08:40:56 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US