passwords in clear text and password protected roles bypass

Hi Everyone,

Further to Nuno's question last week I have just put two short papers on
my website, the first discussing clear text password transmissions when
changing a users password in the database which i showed in my post last
and the second discussing the same issue with set role {blah} identified
by {blah}. 

The second paper also discusses an issue I found whereby you can bypass
the password protection assigned to a role. Both papers describe the
issues and also suggest possible solutions. The papers are available
from:

http://www.petefinnigan.com/ramblings/passwords_in_clear_text.htm
and
http://www.petefinnigan.com/ramblings/issues_with_roles_and_passwords.ht
m

Hope you find them useful.

kind regards

Pete
-- 
Pete Finnigan
email:pete@xxxxxxxxxxxxxxxx
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.

----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to:  oracle-l-request@xxxxxxxxxxxxx
put 'unsubscribe' in the subject line.
--
Archives are at http://www.freelists.org/archives/oracle-l/
FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------

Other related posts: