| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.misc -> Re: capture oracle pwd change in 3rd party application. help needed
Pete Finnigan wrote:
>>> My objection is that it would take me a matter of minutes to
>>>
>>>
>> make myself an account on another
>> machine on which I had no permissions. It is a hacker's delight.
>>
>>
>
>Hi Daniel,
>
>I think there is another point to make here is that we are not
>implementing this but just discussing possible solutions without knowing
>the application or architecture, tools, requirements etc.... I would say
>that a script to synchronise password hash values should be run in a
>secure manner and also would not add new accounts, just synchronise old
>ones. I would also re-iterate this isn't the way to fix an issue like
>this, why does this application need to have synchronised access to two
>databases? and why isn't the manufacturer involved.
>
>kind regards
>
>Pete
>
>
My personal opinion? The person asking the question is trying to crack a
database.
I've never seen an application with this architecture in 34 years in the
business.
I'd really like to be wrong.
-- Daniel Morgan http://www.outreach.washington.edu/ext/certificates/oad/oad_crs.asp http://www.outreach.washington.edu/ext/certificates/aoa/aoa_crs.asp damorgan_at_x.washington.edu (replace 'x' with a 'u' to reply)Received on Fri Nov 07 2003 - 16:50:45 CST
 |
 |