What I meant by "cure" is the way to obtain (not to
prevent from obtaining) these passwords from the
library cache (or any other) dumps.
It works like a charm (meaning it is still a security
hole of a kind) in my 8.1.7.4.0, but it doesn't show
clear text passwords in 9.2.0.3.0 any more (meaning it
seems to be fixed). The question was if malicious user
can still get it somehow in 9i in a similar fashion
- "Jamadagni, Rajendra"
<Rajendra.Jamadagni_at_espn.com> wrote: > revoke alter
session from users ...
>
> Raj
>
> ----
> Rajendra dot Jamadagni at nospamespn dot com
> All Views expressed in this email are strictly
> personal.
> QOTD: Any clod can have facts, having an opinion is
> an art !
>
>
> -----Original Message-----
> Sent: Tuesday, April 08, 2003 3:09 PM
> To: Multiple recipients of list ORACLE-L
>
>
> Pete,
>
> Thanks, the collection is very useful.
>
> Does the trick of dumping the library cache, level
> 10
> and hunting for open text passwords still work in
> 9i?
> I thought they fixed it, so it would look like the
> following:
>
> ...
> BUCKET 114176:
> LIBRARY OBJECT HANDLE: handle=6f4bcf88
> name=alter user dummy identified by ***********
> hash=e7b3be00 timestamp=04-08-2003 13:48:11
> ...
>
> Any "cure" for this?
>
> Thanks,
> Boris Dali
> >
*********************************************************************This
> e-mail message is confidential, intended only for
> the named recipient(s) above and may contain
> information that is privileged, attorney work
> product or exempt from disclosure under applicable
> law. If you have received this message in error, or
> are not the named recipient(s), please immediately
> notify corporate MIS at (860) 766-2000 and delete
> this e-mail message from your computer, Thank
>
you.*********************************************************************1
>
Post your free ad now!
http://personals.yahoo.ca
--
Please see the official ORACLE-L FAQ: http://www.orafaq.net
--
Author: Boris Dali
INET: boris_dali_at_yahoo.ca
Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
Received on Tue Apr 08 2003 - 16:24:00 CDT
