Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: ops$/w2k/"secure" connections question

Re: ops$/w2k/"secure" connections question

From: Paul Drake <paled_at_home.com>
Date: Fri, 17 Aug 2001 14:35:02 -0700
Message-ID: <F001.0036FE17.20010817144529@fatcity.com> 








eric harrington wrote:


> 

> I must be missing something.  I have Oracle running without any additional

> password security setup and the Oracle user passwords are encrypted.  I was

> checking an OCI login and SQL*Plus connection.  I have an Oracle white paper

> that discusses this: Client/Server Authentication, Part A32479, April 1995.

> Excerpt follows (my tests confirmed what is indicated below - I had some

> inconsistency with 7.x but in 8.x and higher this assertion is correct).

> 

> Quote: "The Oracle Password Protocol provides security for client-server and

> server-server password communication by encrypting user passwords passed

> over a network. The Oracle Password Protocol uses a session key valid for a

> single database connection attempt to encrypt the user's password. Each

> connection attempt uses a separate key for encryption, making the encryption

> more difficult to decipher. After the key-encrypted password is passed to

> the server, the server decrypts it, then re-encrypts it using a Data

> Encryption Standard (DES) based one-way encryption algorithm and compares it

> with the password stored in the database. If they match, the user

> successfully connects to the database. The Oracle Password Protocol is used

> to encrypt all passwords upon an attempted connection — whether local

> connection, client to

> server, or server to server."

> 




Maybe that's why you have to check the box (on Technet before
downloading) saying that you won't ship the software off to Libya - as
it is classified as munitions.



Paul

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Paul Drake
  INET: paled_at_home.com

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).


Received on Fri Aug 17 2001 - 16:35:02 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US