Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Mailing Lists -> Oracle-L -> Passwords sent from client to server via OCI calls - are they encrypted?
Hello,
I'm using OCI in my application to connect to the Oracle server (currently using orlon call, have not yet moved on to OCILogon). My question is this: when the password is sent by the OCI code from the client to the server, is the password encrypted? I want to find out if my application will be vulnerable to network sniffers or other methods of breaching security in the Oracle environment.
I've looked in the Oracle documentation, and have not yet found a way to send anything to the orlon call other than the unencrypted password. I have also not found any details on what the OCI client side code does with the password (if anything) before sending it to the server.
Thanks for any useful replies.
Joe Sanderson
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Joe Sanderson
INET: joe.sanderson_at_ecora.com
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists --------------------------------------------------------------------To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Received on Tue May 08 2001 - 12:22:25 CDT