OAS Security Issues

From: <fmanzara_at_my-deja.com>
Date: 2000/07/18
Message-ID: <8l2lqv$fl1$1_at_nnrp1.deja.com>#1/1

2 questions regarding OAS 4.0.8.1 and security: 1. Can we control the username/passwords passed in clear text from OAS and web server? Not from OAS to database server (ANO). I did a snoop of the TCP packets and several usernames/passwords/db_connection_strings are being passed from OAS to the web server. Partial dump below...

2. Can we control the ports OAS uses to communicate to OAS servers on other nodes? It seems to be random and usually in the 30000 range. I need to nail these down to control security with the Firewall (in and out of the DMZ zone).

317 0.00012 pa1 -> pw1 TCP D=33387 S=37326 Ack=986276407 Seq=3795691111 Len=1460 Win=8760

5554 4c31 3100 0000 0000 0006 0000 0009 UTL11...........
7573 6572 6e61 6d65 0000 0000 0000 0006 username........
1234 4321 3100 0000 0000 0009 7061 7373 1tl11.......pass
776f 7264 0000 0000 0000 0011 4d4e 4a34 word........OPEN
R347 334c 444R 4444 4AA0 AAAA 0000 0000 PASSOWRDABCD....
0000 0009 686f 7374 6e61 6d65 0000 0000 ....hostname....
0000 0004 7061 3100 0000 000c 6f72 6163 ....pa1.....

Thank-you,
FM

Sent via Deja.com http://www.deja.com/
Before you buy. Received on Tue Jul 18 2000 - 00:00:00 CEST

This message: [ Message body ]
Next message: Frank Kloeck: "nested table and sql Loader"
Previous message: evangelia veremis: "my test"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message