"Jacob Lane, MCP" <jacoblanemcp_at_yahoo.com> wrote in message
news:108976ladsv0523_at_corp.supernews.com...
> All,
>
> I am somewhat familiar with Oracle as a DB, but have limited knowledge of
> the Financials package. One of my clients was curious about how Oracle
> (Financials) protects user credentials on the wire. For example, on a
> default install of Financials 11i, if a user were to log in across the
> network, would their password be transmitted in clear text?
>
> Does anyone know?
>
> I have received conflicting opinions so far:
>
> Opinion #1 (from Oracle) -- "Passwords are always encrypted before being
> transmitted. You cal also choose to implement SSL if you are really
> paranoid, but your password will not be more secure..."
>
> Opinion #2 (from a DB security expert) -- "Financials passes passwords in
> clear-text unless you implement SSL. Implementing SSL should be a required
> baseline..."
>
> I would love to have access to Metalink so that I could reference the
> Financials documentation on this, but alas, as a small time consultant, I
> cannot afford that. My other thought was to fire up a network sniffer on
the
> client's network and run some tests - but I am in Georgia and they are in
> Nebraska. Not about to hop on a plane to run a sniffer for them.
>
> Any gurus out there that can help?
>
> Jake
>
>
The client should have access to Metalink. I don't know the answer, though I
assume that it uses ssl.
Jim
Received on Mon Apr 19 2004 - 22:57:04 CDT
