Re: passwords in clear text and password protected roles bypass

  • From: "Ron Rogers" <RROGERS@xxxxxxxxxxxxx>
  • To: <oracle-l@xxxxxxxxxxxxx>
  • Date: Mon, 15 Mar 2004 14:22:23 -0500

Of course you could assign a value to the password and then spend a lot
of time guessing it when you log in.
Ron

>>> mladen@xxxxxxxxxxxxxxx 03/15/2004 2:05:58 PM >>>
Put DBMS_RANDOM in the script. Be warned, that may produce random
results.

On 03/15/2004 01:50:42 PM, Ravi Kulkarni wrote:
> Great hint, thank you.
> Is there a way to avoid (/defer) clear-text passwords when creating users?
> 
> 
> -----Original Message-----
> From: oracle-l-bounce@xxxxxxxxxxxxx 
> [mailto:oracle-l-bounce@xxxxxxxxxxxxx]On Behalf Of Pete Finnigan
> Sent: Sunday, March 14, 2004 1:14 PM
> To: oracle-l@xxxxxxxxxxxxx 
> Subject: passwords in clear text and password protected roles bypass
> 
> 
> Hi Everyone,
> 
> Further to Nuno's question last week I have just put two short papers on
> my website, the first discussing clear text password transmissions when
> changing a user's password in the database which I showed in my post last
> and the second discussing the same issue with set role {blah} identified
> by {blah}.
> 
> The second paper also discusses an issue I found whereby you can bypass
> the password protection assigned to a role. Both papers describe the
> issues and also suggest possible solutions. The papers are available
> from:
> 
> http://www.petefinnigan.com/ramblings/passwords_in_clear_text.htm 
> and
> http://www.petefinnigan.com/ramblings/issues_with_roles_and_passwords.htm
> 
> Hope you find them useful.
> 
> kind regards
> 
> Pete
> -- 
> Pete Finnigan
> email:pete@xxxxxxxxxxxxxxxx 
> Web site: http://www.petefinnigan.com - Oracle security audit specialists
> Book: Oracle security step-by-step Guide - see http://store.sans.org for details.
> 
> ----------------------------------------------------------------
> Please see the official ORACLE-L FAQ: http://www.orafaq.com 
> ----------------------------------------------------------------
> To unsubscribe send email to:  oracle-l-request@xxxxxxxxxxxxx 
> put 'unsubscribe' in the subject line.
> --
> Archives are at //www.freelists.org/archives/oracle-l/ 
> FAQ is at //www.freelists.org/help/fom-serve/cache/1.html 
> -----------------------------------------------------------------