Re:RE: Password is not case sensity and uncrypted

From: <dgoulet_at_vicr.com>
Date: Fri, 04 Oct 2002 10:53:25 -0800
Message-ID: <F001.004E11E6.20021004105325@fatcity.com>

Raj,

    I recently attended a conference where a very security obsessed individual was giving a presentation. He recommended in very strong terms taking all application usernames, where the tables etc... are housed, and doing an "alter user <username> identified by values 'NOBODY';". Now this does place the value 'NOBODY' into the password field in DBA_USERS and afterwards nobody can loggin to that account. The fix is easy, just "alter user <username> identified by nobody';"

Dick Goulet

____________________Reply Separator____________________
Author: "Jamadagni; Rajendra" <Rajendra.Jamadagni_at_espn.com>
Date:       10/4/2002 10:03 AM

AFAIK password is NOT case sensitive unless of course you enclose in double-quotes. Also dba_users shows encrypted password. What table are we taking here that shows plain text passwords? Is it an application table?

Raj

---

Rajendra Jamadagni MIS, ESPN Inc. Rajendra dot Jamadagni at ESPN dot com
Any opinion expressed here is personal and doesn't reflect that of ESPN Inc.

QOTD: Any clod can have facts, but having an opinion is an art!

-----Original Message-----
Sent: Friday, October 04, 2002 1:48 PM
To: Multiple recipients of list ORACLE-L

Is password case-sensity in oracle database? And how do I encrypt it as it shows unencrypted in password field?

Thanks,
David
--

Please see the official ORACLE-L FAQ: http://www.orafaq.com
--

Author: Nguyen, David M
  INET: david.m.nguyen_at_xo.com

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------

To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2654.19">
<TITLE>RE: Password is not case sensity and uncrypted</TITLE>
</HEAD>
<BODY>

<P><FONT SIZE=2>AFAIK password is NOT case sensitive unless of course you enclose in double-quotes. Also dba_users shows encrypted password. What table are we taking here that shows plain text passwords? Is it an application table?</FONT></P>

<P><FONT SIZE=2>Raj</FONT>
<BR><FONT SIZE=2>______________________________________________________</FONT>
<BR><FONT SIZE=2>Rajendra Jamadagni&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; MIS, ESPN Inc.</FONT> <BR><FONT SIZE=2>Rajendra dot Jamadagni at ESPN dot com</FONT> <BR><FONT SIZE=2>Any opinion expressed here is personal and doesn't reflect that of ESPN Inc. </FONT>
<BR><FONT SIZE=2>QOTD: Any clod can have facts, but having an opinion is an art!</FONT>
</P>
<BR>

<P><FONT SIZE=2>-----Original Message-----</FONT> <BR><FONT SIZE=2>From: Nguyen, David M [<A HREF="mailto:david.m.nguyen_at_xo.com">mailto:david.m.nguyen_at_xo.com</A>]</FONT>

<BR><FONT SIZE=2>Sent: Friday, October 04, 2002 1:48 PM</FONT>
<BR><FONT SIZE=2>To: Multiple recipients of list ORACLE-L</FONT>
<BR><FONT SIZE=2>Subject: Password is not case sensity and uncrypted</FONT>
</P>
<BR>

<P><FONT SIZE=2>Is password case-sensity in oracle database?&nbsp; And how do I encrypt it as it</FONT>
<BR><FONT SIZE=2>shows unencrypted in password field?</FONT> </P>

<P><FONT SIZE=2>Thanks,</FONT>
<BR><FONT SIZE=2>David</FONT>
<BR><FONT SIZE=2>-- </FONT>
<BR><FONT SIZE=2>Please see the official ORACLE-L FAQ: <A

HREF="http://www.orafaq.com" TARGET="_blank">http://www.orafaq.com</A></FONT>

<BR><FONT SIZE=2>-- </FONT>
<BR><FONT SIZE=2>Author: Nguyen, David M</FONT>
<BR><FONT SIZE=2>&nbsp; INET: david.m.nguyen_at_xo.com</FONT>
</P>

<P><FONT SIZE=2>Fat City Network Services&nbsp;&nbsp;&nbsp; -- 858-538-5051 <A HREF="http://www.fatcity.com" TARGET="_blank">http://www.fatcity.com</A></FONT> <BR><FONT SIZE=2>San Diego, California&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-- Mailing list and web hosting services</FONT>
<BR><FONT

SIZE=2>---------------------------------------------------------------------</FO

NT>
<BR><FONT SIZE=2>To REMOVE yourself from this mailing list, send an E-Mail message</FONT>
<BR><FONT SIZE=2>to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in</FONT>
<BR><FONT SIZE=2>the message BODY, include a line containing: UNSUB ORACLE-L</FONT>
<BR><FONT SIZE=2>(or the name of mailing list you want to be removed from).&nbsp; You may</FONT>
<BR><FONT SIZE=2>also send the HELP command for other information (like subscribing).</FONT>
</P>

</BODY>
</HTML>  

--

Please see the official ORACLE-L FAQ: http://www.orafaq.com
--

Author:
  INET: dgoulet_at_vicr.com

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------

To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Received on Fri Oct 04 2002 - 13:53:25 CDT