Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Adding some random characters to Oracle password

Re: Adding some random characters to Oracle password

From: Pete Finnigan <plsql_at_petefinnigan.com>
Date: Fri, 29 Oct 2004 08:33:43 +0100
Message-ID: <N4gv0UBXJfgBRxES@peterfinnigan.demon.co.uk> 





>It can't get discovered because it is hard-coded and compiled into the app.

>Source code is secured.



Hi,



Hard coding passwords into applications is a bad idea. If its not
possible to simply get the password with strings because its obfuscated
in some way then it is possible for some people with a debugger. You do
not need the source to get the password. If you have this in your
application copy the binary to a Unix box and run "strings" against the
binary and see what you find.



kind regards



Pete

-- 
Pete Finnigan (email:pete_at_petefinnigan.com)
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.


Received on Fri Oct 29 2004 - 02:33:43 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US