RE: Pete Finnigan's Oracle database password checker
- From: "Hostetter, Jay M" <JHostetter@xxxxxxxxxxxxxxxxxxxx>
- To: <oracle-l@xxxxxxxxxxxxx>
- Date: Wed, 8 Oct 2008 09:53:13 -0400
Just a side note here - you might want to double-check your company's
policy on running a utility like this against a production database. At
the very least, I would have to modify the script so that it would NOT
show me what the cracked passwords are. Otherwise it would be cause for
termination of my employment.
Jay
-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Adams, Matthew (GE
Indust, ConsInd)
Sent: Wednesday, October 08, 2008 9:44 AM
To: Thomas.Mercadante@xxxxxxxxxxxxxxxxx
Cc: oracle-l@xxxxxxxxxxxxx
Subject: RE: Pete Finnigan's Oracle database password checker
There are a myriad of tools out there for
scanning unix passwords
(SATAN was one I used in the 90s, not sure if it's still around).
I would think that the dictionaries of words that comes with any
of these utilities would be a good starting point.
Matt
**DISCLAIMER
This e-mail message and any files transmitted with it are intended for the use
of the individual or entity to which they are addressed and may contain
information that is privileged, proprietary and confidential. If you are not
the intended recipient, you may not use, copy or disclose to anyone the message
or any information contained in the message. If you have received this
communication in error, please notify the sender and delete this e-mail
message. The contents do not represent the opinion of D&E except to the extent
that it relates to their official business.
--
//www.freelists.org/webpage/oracle-l
Other related posts:
