Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> SQL*NET - is password encryption default or does it need to be enabled

SQL*NET - is password encryption default or does it need to be enabled

From: Warren Milne <wtm_at_xtra.co.nz>
Date: 22 Apr 1998 07:14:57 GMT
Message-ID: <6hk5dh$852$1@wolfman.xtra.co.nz> 





Hi,



I have found the oracle docs to be confusing and my search of deja news gave 
inconclusive results.



For Oracle 7.3 series ( and all 7.x) are oracle passwords sent encrypted over 
sqlnet by DEFAULT ?



The following excerpt confuses the issue :



http://oracle.agen.tamu.edu/AGEN-doc/server/srf73/ch103.html




**quote**




DBLINK_ENCRYPT_LOGIN



Default value: FALSERange of values: TRUE/FALSERelease: 7.1Signifies whether 
attempts to connect to other Oracle7 Servers through database links should 
use encrypted passwords. When you attempt to connect to a database using a 
password, Oracle encrypts the password before sending it to the database. If 
the DBLINK_ENCRYPT_LOGIN parameter is TRUE, and the connection fails, Oracle 
does not reattempt the connection. If this parameter is FALSE, Oracle 
reattempts the connections using an unencrypted version of the password. 



For more information, see the Oracle7 Server Administrator's Guide.



**end quote





It appears to suggest that passwords are sent encrypted by default, and that 
only if either DBLINK or ORA_ENCRYPT are set to false does an unencrypted 
password get sent.  However other oracle doc.s use terminology that suggest 
that password encryption must be configured first.



This suggests that there is no way at the server end to force encrypted 
passwords only ?



Is all this right ?



Many thanks for pointers



Warren M

Received on Wed Apr 22 1998 - 02:14:57 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US