Hi Upendra, if what you mean with your last question is a toned down oracle software solution à la ASO then the answer is NO. But there are other ways to accomplish the same, i.e. protection from network sniffing and intercepting. To name just three: ssh tunneling, ipsec (network layer - layer 3 in OSI) or even encrypting network cards. You would have to investigate which option suits you best. Kind regards, Andre 2011/3/1 Upendra N <nupendra@xxxxxxxxxxx> > I found this documentation which confirms that 10g onwards client is > encrypting the passwords: > > http://download.oracle.com/docs/cd/B19306_01/win.102/b14304/admin.htm#sthref294 > > My other question still stays open.. is there a toned down version of ASO > (40 or 56-bit) encryption available for free? > Thanks > -Upendra > > > > ------------------------------ > From: nupendra@xxxxxxxxxxx > To: oracle-l@xxxxxxxxxxxxx > Subject: Clear text credentials? > Date: Tue, 1 Mar 2011 14:38:26 -0500 > > > Hello guys, > Question.. > When someone connects from Host_A to Host_B and if the communication is not > encrypted using Advanced Security Option (ASO) or a similar mechanism, would > the user credentials be sent in Clear Text? If so, is there a way to secure > it? The requirement is to protect the username/password without using > ASO/SSH Tunnel. > > If my memory serves correctly, a lower version of ASO (40 or 56-bit) > encryption is available for free? Is that true? > > Your feedback is appreciated. > Thanks > -Upendra > >