Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
![]() |
![]() |
Home -> Community -> Mailing Lists -> Oracle-L -> RE: SQL*Net/Net8 and plain text passwords
Oracle encrypts passwords by default. I believe this began wit SQL*NET 2.1.
However, if you do not have the parameter, ORA_ENCRYPT_LOGIN,
set to ,true, in the sqlnet.ora file of the client, then Oracle under
certain circumstances, will send the password is plain text, after trying
and failing with the encrypted password. There is also an init.ora
parameter, DBLINK_ENCRYPT_LOGIN which controls this behavior on database
links.
The password will be sent in plain text between web browsers and your web server unless you have protected the ports via SSL.
Ian MacGregor
Stanford Linear Accelerator Center
ian_at_slac.stanford.edu
-----Original Message-----
From: Sherwin Anthony Sequeira [mailto:sherwin_at_sequeira.ezesurf.co.uk]
Sent: Friday, June 09, 2000 3:14 PM
To: Multiple recipients of list ORACLE-L
Subject: SQL*Net/Net8 and plain text passwords
Hi fellow (this includes males and females) DBAs,
I have an application that connects to an Oracle database via a Web Server, machine from is Unix or NT, and machine to can be Unix or NT.
The customer's concern is passwords being sent over SQL*Net/Net8.
I have reassured him that plain text passwords will not be sent over
the network. I mentioned OS authentication, which I am sure will work. I am also sure that there is a Net parameter for encryption.
Any ideas? I am @ home now after a long hard weeks work, with no documentation available, except on the laptop, and that is giving up the ghost.
Any hints, tips. pointers, URL's, direct experience, even that it can't be done?
Regards and TIA.
Tony
-- Author: Sherwin Anthony Sequeira INET: sherwin_at_sequeira.ezesurf.co.uk Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).Received on Sun Jun 11 2000 - 13:37:49 CDT
![]() |
![]() |