| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: encrypted user/passwd connection
Thanks Raj.
I would think that the default being set to 'always encrypt' would be more reasonable,
In checking the parameters via
select
a.KSPPINM NAME, a.KSPPDESC DESCRIPTION, b.KSPPSTVL VALUE, b.KSPPSTDF ISDEFAULT
.. I found that only the dblink_encrypt_login parm was available.
This is on 7.3.4, 8.0.6, 8.1.7 and 9.2.0.
Where does ORA_ENCRYPT_LOGIN get applied?
Jared
Rajesh.Rao_at_jpmchase.com
Sent by: root_at_fatcity.com
01/07/2003 07:03 AM
Please respond to ORACLE-L
To: Multiple recipients of list ORACLE-L <ORACLE-L_at_fatcity.com>
cc:
Subject: RE: encrypted user/passwd connection
"All oracle passwords are encrypted" is not a true statement. Failed login attempts, are retried by sending the password in an unencrypted format. Atleast, until 8.1.7. To avoid which, ORA_ENCRYPT_LOGIN variable and DBLINK_ENCRYPT_LOGIN parameter (for retried attempts across database link) should be set to TRUE.
I could stand corrected though.
Raj
Sony kristanto
<Sony_at_polyfinca To: Multiple recipients of
list ORACLE-L <ORACLE-L_at_fatcity.com>
nggih.com> cc:
Sent by: Subject: RE: encrypted
user/passwd connection
root_at_fatcity.co
m
January 07,
2003 01:53 AM
Please respond
to ORACLE-L
You're right Jared, all oracle password is encrypted. Btw Andrey if it is possible how to do it ?
> -----Original Message-----
> From: Jared Still [SMTP:jkstill_at_cybcon.com]
> Sent: Tuesday, January 07, 2003 11:04 AM
> To: Multiple recipients of list ORACLE-L
> Subject: Re: encrypted user/passwd connection
>
>
> Andre,
>
> Oracle does not send passwords across the network
> in clear text, they are encrypted by default.
>
> Jared
>
> On Monday 06 January 2003 05:43, Andrey Bronfin wrote:
> > Dear list !
> > I have just been asked the following question:
> > is it possible to make a connection from an Oracle client to an Oracle
> > instance (both are 8.1.7) in an "encrypted" way.
> > I.e. if someone is sitting with a sniffer between the server and the
> > client, then i don't want him to be able to see the user/passwd i'm
> > connecting with. Again , i am NOT asking how store the data in the DB
in
> an
> > "encrypted" way, but how to connect to an instance without showing my
> > passwd.
> > Thanks a lot!
> > Andrey.
-- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: INET: Rajesh.Rao_at_jpmchase.com Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: INET: Jared.Still_at_radisys.com Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).Received on Tue Jan 07 2003 - 14:11:10 CST
 |
 |