"Joe" <nospam_at_joekaz.net> wrote in message
news:b9c56449.0402030517.143ee940_at_posting.google.com...
> Oracle encrypts passwords during the login process, but I'm looking
> into what happens during a password change. No one at our site uses
> the sqlplus PASSWORD command, all changes are done using utilities
> which issue the ALTER USER IDENTIFIED BY statement. So I believe
> that goes out over the network as plain text just as any other sql
> statement.
>
> Does anyone have any thoughts on how to make this more secure? A few
> complicated solutions come to mind, but I can't think of a simple one
> - hopefully I'm missing something obvious?
>
> --
> Joe
> http://www.cafeshops.com/joekaz
> http://www.joekaz.net
Received on Thu Feb 05 2004 - 01:24:07 CST
