Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: ORA_ENCRYPT_LOGIN

Re: ORA_ENCRYPT_LOGIN

From: Pete Finnigan <pete_at_peterfinnigan.demon.co.uk>
Date: Fri, 24 Aug 2001 19:01:26 +0100
Message-ID: <QGpRpiA2Zph7EwvH@peterfinnigan.demon.co.uk> 





Hi



set up eathreal or dsniff and sniff the network as a log in is attempted
and you can see that the password will be encrypted or not.



cheers



Pete Finnigan


wwww.pentest-limited.com




In article <1e0ca712.0108220604.1c7d9dc6_at_posting.google.com>, Erik
Hudson <ehudson_at_ieee.org> writes


>I've got a question about a SQLJ application I'm writing that runs on

>NT and accesses an Oracle 8.1.7 database on a Sun.  I want to make

>sure the password gets encrypted when making a connection to the

>database.  On the server side, I've set DBLINK_ENCRYPT_LOGIN to true

>in the init.ora file.  For the client, I'm trying to set the

>ORA_ENCRYPT_LOGIN variable to true.  Can I set this in the properties

>variable that gets passed to the getConnection() method?  If not, how

>do I set it?

>

>The next question: To prove this to the security people, is there a

>way to verify that it has been encrypted for a connection?

>

>Thanks for any help.

>

>Erik



-- 
Pete Finnigan
IT Security Consultant
PenTest Limited

Office  01565 830 990
Fax     01565 830 889
Mobile  07974 087 885

pete.finnigan_at_pentest-limited.com

www.pentest-limited.com


Received on Fri Aug 24 2001 - 13:01:26 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US