Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Oracle Financials password crypto?

Oracle Financials password crypto?

From: Jacob Lane, MCP <jacoblanemcp_at_yahoo.com>
Date: Mon, 19 Apr 2004 20:45:24 -0700
Message-ID: <108976ladsv0523@corp.supernews.com> 





All,



I am somewhat familiar with Oracle as a DB, but have limited knowledge of
the Financials package. One of my clients was curious about how Oracle
(Financials) protects user credentials on the wire. For example, on a
default install of Financials 11i, if a user were to log in across the
network, would their password be transmitted in clear text?



Does anyone know?



I have received conflicting opinions so far:



Opinion #1 (from Oracle) -- "Passwords are always encrypted before being
transmitted. You cal also choose to implement SSL if you are really
paranoid, but your password will not be more secure..."



Opinion #2 (from a DB security expert) -- "Financials passes passwords in
clear-text unless you implement SSL. Implementing SSL should be a required
baseline..."



I would love to have access to Metalink so that I could reference the
Financials documentation on this, but alas, as a small time consultant, I
cannot afford that. My other thought was to fire up a network sniffer on the
client's network and run some tests - but I am in Georgia and they are in
Nebraska. Not about to hop on a plane to run a sniffer for them.



Any gurus out there that can help?



Jake
Received on Mon Apr 19 2004 - 22:45:24 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US