Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Known passwords and sqlplus

Re: Known passwords and sqlplus

From: Scott Mattes <smattes_at_erols.com>
Date: Wed, 24 Feb 1999 08:34:58 -0500
Message-ID: <36D40002.E8DB13E1@erols.com> 





I haven't done this, but another app I know of hashes the
userid/password the user supplies to generate their unknown read/write
enabled userid/password. If the user tries the userid/password that they
know about they only get read privileges.



nieuws net wrote:


> 


> Hi


> 


> We have an application redbox on an unix server with oracle as


> the database.


> The problem is that the application has several hardcoded userid/passwords


>  unix and oracle)


> There is a need to do sqlplus from the client , but if those passwords


> are commonly known then there is a possible security gap.


> How do i prevent users who can do sqlplus from there client that they


> use the userids known in the application?


> 


> thanks in advance


> gkor_at_rdw.nl





-- 




Scott Mattes


ICQ:  18330579



Work: Scott.Mattes_at_Wang.com


Home: SMattes_at_Erols.com


Web:  www.erols.com/smattes
Received on Wed Feb 24 1999 - 07:34:58 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US