Oracle-L: Re: Oracle client security
> More than a year ago, we had problems with a Perl::DBI program
> connecting to the Oracle DB using the WE8ISO8859P1 charset. It
> always failed the first time and secretly and automagically
> attempted and succeeded the connection a second time. I was able to
> verify this by using AUDIT in the DB, while running the program.
>
From the fine manual:
By setting the following values, you can require that the password used to
verify a connection always be encrypted:

- Set the ORA_ENCRYPT_LOGIN environment variable to TRUE on the client
  machine.
- Set the DBLINK_ENCRYPT_LOGIN server initialization parameter to TRUE.

If enabled at both the client and server, passwords will not be sent
across the network "in the clear", but will be encrypted using a modified
DES (Data Encryption Standard) algorithm.

The DBLINK_ENCRYPT_LOGIN initialization parameter is used for connections
between two Oracle servers (for example, when performing distributed
queries). If you are connecting from a client, Oracle checks the
ORA_ENCRYPT_LOGIN environment variable.

Whenever you attempt to connect to a server using a password, Oracle
encrypts the password before sending it to the server. If the connection
fails and auditing is enabled, the failure is noted in the audit log.
Oracle then checks the appropriate DBLINK_ENCRYPT_LOGIN or
ORA_ENCRYPT_LOGIN value. If it is set to FALSE, Oracle attempts the
connection again using an unencrypted version of the password. If the
connection is successful, the connection replaces the previous failure in
the audit log, and the connection proceeds. To prevent malicious users
from forcing Oracle to re-attempt a connection with an unencrypted version
of the password, you must set the appropriate values to TRUE.
--
Archives are at http://www.freelists.org/archives/oracle-l/
FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html

Received on Fri Aug 06 2004 - 15:36:30 CDT
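A preflight check for the two settings the quoted manual text names, as an added example that is not part of the original post and not an Oracle tool. It assumes an unset ORA_ENCRYPT_LOGIN counts as not TRUE and that DBLINK_ENCRYPT_LOGIN can be read from a text init file whose path you supply; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: preflight for the two settings in the manual excerpt.
# Function names and the sample pfile are constructed; no database is contacted.

# is_true VALUE: succeeds only for TRUE (case-insensitive; blanks and quotes ignored)
is_true() {
    v=$(printf '%s' "$1" | tr -d " \t'\"" | tr '[:lower:]' '[:upper:]')
    [ "$v" = "TRUE" ]
}

# Client side: ORA_ENCRYPT_LOGIN must be TRUE in this environment; unset fails.
client_ok() {
    is_true "${ORA_ENCRYPT_LOGIN:-}"
}

# Server side: the text init file must contain DBLINK_ENCRYPT_LOGIN at least once
# and every occurrence must be TRUE (conservative: one FALSE line fails the check).
# "# ..." comments are ignored and a "*." or "sid." prefix on the name is accepted.
pfile_ok() {
    found=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t' | tr '[:lower:]' '[:upper:]')
        case "$key" in *.DBLINK_ENCRYPT_LOGIN) key=DBLINK_ENCRYPT_LOGIN ;; esac
        [ "$key" = "DBLINK_ENCRYPT_LOGIN" ] || continue
        case "$line" in *=*) ;; *) continue ;; esac
        found=1
        is_true "${line#*=}" || return 1
    done < "$1"
    [ "$found" -eq 1 ]
}

# preflight PFILE: reports each side that would allow the unencrypted retry.
preflight() {
    rc=0
    client_ok || { echo "client: ORA_ENCRYPT_LOGIN is not TRUE" >&2; rc=1; }
    pfile_ok "$1" || { echo "server: DBLINK_ENCRYPT_LOGIN is not TRUE in $1" >&2; rc=1; }
    return $rc
}

# Demo on a constructed pfile (sample content, not taken from a real server).
sample=$(mktemp)
printf '%s\n' 'db_name = ORCL  # constructed sample' '*.dblink_encrypt_login = true' > "$sample"
( ORA_ENCRYPT_LOGIN=TRUE; preflight "$sample" ) && echo "both sides require encrypted logins"
rm -f "$sample"
```

Run it from the same environment (cron job, service wrapper, login shell) that launches the client program, since that is where the variable has to be set.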