Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: Hiding passwords

Re: Hiding passwords

From: <Jared.Still_at_radisys.com>
Date: Wed, 24 Sep 2003 10:55:00 -0800
Message-ID: <F001.005D0F16.20030924105500@fatcity.com> 





Thanks, this bears investigating.







"Nuno Souto" <nsouto_at_optusnet.com.au>


Sent by: ml-errors_at_fatcity.com


 09/24/2003 07:29 AM


 Please respond to ORACLE-L

 

        To:     Multiple recipients of list ORACLE-L <ORACLE-L_at_fatcity.com>
        cc: 
        Subject:        Re: Hiding passwords








>In Windows2000 you can encrypt a file... Not sure how well that would 

work


>though, since if you install your software as local administrator (not 

good


>practice) then anyone else who logs in as administrator would be able to 

see


>/ run the file too...

 




Here is a little known trick of NTFS file systems.
It's called "data streams".


D:\>del file.txt
D:\>echo Some stuff > file.txt
D:\>echo and its password >file.txt:pwd
D:\>dir




 Volume in drive D is OS


 Volume Serial Number is A4BA-68F3


 Directory of D:\

24/09/2003  11:19p                  13 file.txt


(note the file size!)


D:\>type file.txt


Some stuff


D:\>type file.txt:pwd


The filename, directory name, or volume label syntax is incorrect.
D:\>more <file.txt:pwd


and its password


D:\>



I'm sure there are some interesting uses to be explored here
to hide Oracle passwords!  ;)


Note: the hidden data stream name can be ANY filename string and is 
subject


to security.  This was used initially in NTFS to support the Mac resource 
fork file format in file servers.  It is still there and won't go away any 



time soon as IIS uses it.



MS Knowledge base article 105763 discusses this in detail.
You can also search google for some details.  Use "alternate data 
streams".


Careful: this is used by some virus writers!!!



Cheers


Nuno Souto


nsouto_at_optusnet.com.au

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: Nuno Souto
  INET: nsouto_at_optusnet.com.au

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).



-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: 
  INET: Jared.Still_at_radisys.com

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).


Received on Wed Sep 24 2003 - 13:55:00 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US