Re: SQL*Net

Thanks Thomas, as usual you have the 'right' stuff.... ( I will remember that 'trace' is not just for solving problems, but can be used to check things out as well)

Thomas Kyte <tkyte_at_us.oracle.com> wrote:

>A copy of this was sent to "Sybrand Bakker" <postbus_at_sybrandb.demon.nl>
>(if that email address didn't require changing)
>On Tue, 15 May 2001 20:21:52 +0200, you wrote:
>
>>
>>"TurkBear" <noone_at_nowhere.com> wrote in message
>>news:5km2gt8s1f5j9kl9i719dl3q3s2a5cdgqf_at_4ax.com...
>>> The database does the authentication ( or you can set it up to do OS
>>> authentication ) at its end, not at the client...I believe, however, the
 SqlNet
>>> transmits its login info ( username, password, servicename ) over the
 network in
>>> clear text, so 'sniffers' may be able to see it..
>>>
>>> "Wanghin" <whtoh_at_deloitte.com.sg> wrote:
>>>
>>> >Hi,
>>> >I was wondering how will installation of SQL*Net on the client affect the
>>> >security of the access to the oracle database?
>>> >
>>> >Heard from someone that sql*net does not authenicate users when they try
 to
>>> >connect from client side.
>>> >
>>> >thanks in advance.
>>> >
>>>
>>
>>Yeah, it does. But the Enterprise Edition comes with the Advanced Networking
>>Option, which will allow you to encrypt *everything* (including your data),
>>using various well-known protocols.
>>So there shouldn't be any concern about sqlnet, provided you want to spend
>>the $$.
>>
>
>*no* it doesn't. the passwords are *not* transmitted in clear text. this can
>be verified by setting the client trace level to 16 and seeing what is sent back
>and forth.
>
>>Regards,
>>
>>Sybrand Bakker, Oracle DBA
>>
>>
Received on Mon May 21 2001 - 08:53:27 CDT