Re: Pete Finnigan's Oracle database password checker

  • From: Pete Finnigan <pete@xxxxxxxxxxxxxxxx>
  • To: guillermo.bort@xxxxxxx
  • Date: Mon, 13 Oct 2008 10:21:52 +0100

Hi,

You could of course do that but I wrote the cracker to be completely
standalone where it doesn't need to be installed in the database or have
tables of words added to the database.

I work with lots of companies and some have a reticence to install and
use binary based crackers (i.e. ones written in C such as woraauthbf) so
I wanted to get over that barrier completely and have a script that is
easy to run, needs no dependencies and can be run from SQL*Plus. No
excuses then to harden your passwords. Once people have seen the power
of the PL/SQL based one, they will accept a C based one more easily BUT
as I said on the download page this cracker will catch the most
problematic issues anyway.

cheers

Pete

Bort, Guillermo wrote:
> If you read the file you downloaded you'll see that there is a procedure
> that loads an array (procedure init_dicts) and you can add lines there.
> Also, init_hashes loads the hashes database.
> 
> You could certainly modify the procedure to load the array from a table
> with something like:
> 
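> PROCEDURE init_dicts IS
>   j NUMBER;  -- next free slot in the Dicts array
> BEGIN
>   j := 1;
>   -- dictionary_words is a placeholder name: substitute your own word
>   -- table, which must have a WORD column.
>   FOR i IN (SELECT word FROM dictionary_words) LOOP
>     Dicts(j) := i.word;
>     j := j + 1;
>   END LOOP;
> END;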
>   
> 
> Guillermo Alan Bort
> EDS - ITO DBA Main Group
> 
> -----Original Message-----
> From: Mercadante, Thomas F (LABOR)
> [mailto:Thomas.Mercadante@xxxxxxxxxxxxxxxxx] 
> Sent: Wednesday, October 08, 2008 9:15 AM
> To: John.Hallas@xxxxxxxxxxxxxxxxxx; Bort, Guillermo
> Cc: oracle-l@xxxxxxxxxxxxx
> Subject: RE: Pete Finnigan's Oracle database password checker
> 
> I ran it in two of my development environments.  My question is how do I
> extend the dictionary that Pete included in the routine.  His Web page
> states that it can be extended.  Anybody have any ideas about how to get
> a dictionary loaded into an Oracle database?
> 
> 
> --
> //www.freelists.org/webpage/oracle-l
> 
> 
> 

-- 

Pete Finnigan
Principal Consultant
PeteFinnigan.com Limited

Registered in England and Wales
Company No: 4664901

Specialists in database security.

If you need help to audit or secure an Oracle database, please ask for
details of our courses and consulting services

Phone: 0044 (0)1904 791188
Fax  : 0044 (0)1904 791188
Mob  : 0044 (0)7742 114223
email: pete@xxxxxxxxxxxxxxxx
site : http://www.petefinnigan.com

Please note that this email communication is intended only for the
addressee and may contain confidential or privileged information. The
contents of this email may be circulated internally within your
organisation only and may not be communicated to third parties without
the prior written permission of PeteFinnigan.com Limited.  This email is
not intended nor should it be taken to create any legal relations,
contractual or otherwise.
