Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Adding some random characters to Oracle password

Re: Adding some random characters to Oracle password

From: Alan <alan_at_erols.com>
Date: Fri, 29 Oct 2004 10:08:00 -0400
Message-ID: <2uf167F29rbi9U1@uni-berlin.de> 






"Pete Finnigan" <plsql_at_petefinnigan.com> wrote in message
news:N4gv0UBXJfgBRxES_at_peterfinnigan.demon.co.uk...


> >It can't get discovered because it is hard-coded and compiled into the

app.


> >Source code is secured.

> Hi,

>

> Hard coding passwords into applications is a bad idea. If its not

> possible to simply get the password with strings because its obfuscated

> in some way then it is possible for some people with a debugger. You do

> not need the source to get the password. If you have this in your

> application copy the binary to a Unix box and run "strings" against the

> binary and see what you find.

>

> kind regards




We're running everything on Windows, but yes, there are ways to break this
if one really wants to. Our situation is not that extreme.



>

> Pete

> -- 

> Pete Finnigan (email:pete_at_petefinnigan.com)

> Web site: http://www.petefinnigan.com - Oracle security audit specialists

> Oracle security blog:



http://www.petefinnigan.com/weblog/entries/index.html


> Book:Oracle security step-by-step Guide - see http://store.sans.org for

details.
Received on Fri Oct 29 2004 - 09:08:00 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US