Re: How are you authenticating you applications?

  • From: Guillermo Alan Bort <cicciuxdba@xxxxxxxxx>
  • To: Joel.Patterson@xxxxxxxxxxx
  • Date: Thu, 10 Mar 2011 10:07:55 -0300

I can see a nice DoS where someone attacks the database and locks the app
account essentially rendering the application useless.

However, I was not worried about attack, not yet at least, I was more
worried about people "legitimately" having the password and using it even
though they are not supposed to.

thanks
Alan.-


On Thu, Mar 10, 2011 at 9:35 AM, <Joel.Patterson@xxxxxxxxxxx> wrote:

>
> If the DB locks after 10 attempts, then would you not have a chance to
> block these brute force attacks?  After all it would lock in less than a
> second, and so nobody would go anywhere until the source is found.
>
> Joel Patterson
> Database Administrator
> 904 727-2546
> -----Original Message-----
> From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx]
> On Behalf Of Greg Rahn
> Sent: Wednesday, March 09, 2011 6:03 PM
> To: cicciuxdba@xxxxxxxxx
> Cc: oracle-l-freelists
> Subject: Re: How are you authenticating you applications?
>
> On Wed, Mar 9, 2011 at 11:11 AM, Guillermo Alan Bort
> <cicciuxdba@xxxxxxxxx> wrote:
> > We are working on providing the hashed password, so all the non-dbas get
> > is a hash... but I don't know how strong the encryption really is... and
> > I'd like to let my i7 have a go at cracking one and see how long it takes...
> > still, a non-human-intervention approach would be appreciated :-)
>
> I'm not sure what you mean by this but I would strongly suggest this
> as a starting point:
> http://codahale.com/how-to-safely-store-a-password/
>
> BTW, an i7 is nothing... just spend a week or so to learn Nvidia CUDA,
> rent a few dozen Amazon Web Services Cluster GPU instances and you
> will be frightened to learn how many hundreds of billions of password
> candidates (yes billions!) you can try in a few seconds.
> All at the hands of anyone with an AWS account.  Makes you think at
> least twice about password security.
>
> --
> Regards,
> Greg Rahn
> http://structureddata.org