Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Mailing Lists -> Oracle-L -> Re: Hiding passwords
>In Windows2000 you can encrypt a file... Not sure how well that would work
>though, since if you install your software as local administrator (not good
>practice) then anyone else who logs in as administrator would be able to see
>/ run the file too...
Here is a little known trick of NTFS file systems. It's called "data streams".
D:\>del file.txt D:\>echo Some stuff > file.txt D:\>echo and its password >file.txt:pwd D:\>dir
24/09/2003 11:19p 13 file.txt(note the file size!)
I'm sure there are some interesting uses to be explored here
to hide Oracle passwords! ;)
Note: the hidden data stream name can be ANY filename string and is subject
to security. This was used initially in NTFS to support the Mac resource
fork file format in file servers. It is still there and won't go away any
time soon as IIS uses it.
MS Knowledge base article 105763 discusses this in detail. You can also search google for some details. Use "alternate data streams". Careful: this is used by some virus writers!!!
Cheers
Nuno Souto
nsouto_at_optusnet.com.au
-- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Nuno Souto INET: nsouto_at_optusnet.com.au Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).Received on Wed Sep 24 2003 - 09:29:39 CDT