Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
![]() |
![]() |
Home -> Community -> Usenet -> c.d.o.server -> Re: Adding some random characters to Oracle password
On Sat, 30 Oct 2004 23:37:36 +1000, "Howard J. Rogers"
<hjr_at_dizwell.com> wrote:
>Paper written as promised. It doesn't assume all that you asked for about
>the VPN and so on. But it does a 'are you using an authorised program?'
>check. It's a worked example: starts simple, the problems show up, we get
>subtler.
>
>You might find it of interest, anyway.
>
>http://www.dizwell.com/html/secure_application_roles.html
>
>Regards
>HJR
I read your paper. It is a well written and thought document.
One question came to my mind:
Where does the Progname actually derive?
If it is just the OS executable name couldn't a hacker could just do
c:\oracle\bin\> rename sqlplus.exe isqlplus.exe
to bypass the fine security measures you have just created?
Regards,
Kirmo Uusitalo Received on Mon Nov 01 2004 - 00:31:35 CST
![]() |
![]() |