| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: passwords in clear text and password protected roles bypass
Great hint, Thank you.
Is there a way to avoid(/defer) clear-text-passwords when Creating users ?
-----Original Message-----
From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org]On Behalf Of Pete Finnigan
Sent: Sunday, March 14, 2004 1:14 PM
To: oracle-l_at_freelists.org
Subject: passwords in clear text and password protected roles bypass
Hi Everyone,
Further to Nuno's question last week I have just put two short papers on my website, the first discussing clear text password transmissions when changing a users password in the database which i showed in my post last and the second discussing the same issue with set role {blah} identified by {blah}.
The second paper also discusses an issue I found whereby you can bypass the password protection assigned to a role. Both papers describe the issues and also suggest possible solutions. The papers are available from:
http://www.petefinnigan.com/ramblings/passwords_in_clear_text.htm
and
http://www.petefinnigan.com/ramblings/issues_with_roles_and_passwords.ht
m
Hope you find them useful.
kind regards
Pete
--
Pete Finnigan
email:pete_at_petefinnigan.com
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.
 |
 |