Re: Question re security

• From: Fergal Taheny <ftaheny@xxxxxxxxx>
• To: dbvision@xxxxxxxxxxxx
• Date: Fri, 17 Jan 2014 09:19:27 +0000

Hi,

Just on this point:

"Using that port is
an open avenue for any hacker worth his/her salt to run a sniffer in a
Linux node to get all Oracle pwds."

This is something I have wondered about. The oracle passwords are
envcrypted during transmission by default with standard sqlnet setup. I
checked this with a packet sniffer once to confirm this but I have wondered
if this encryption is reliable. No pre-sharing of any keys has to be done
before a client can connect to a db. So as part of the authentication does
the server send the client a key which the client uses to encrypt the
password?  If this is the case the isn't this open to a man in the middle
attack?

Would be interested to hear people opinions on this.

Thanks,
Fergal

• Follow-Ups:
  • Re: Question re security
    • From: Nuno Souto

• References:
  • RE: Question re security
    • From: bill thater
  • RE: Question re security
    • From: Patterson, Joel
  • Re: Question re security
    • From: mohammed bhatti
  • Re: Question re security
    • From: Nuno Souto

Other related posts:

• » Question re security- Nuno Souto
• » Re: Question re security- Niall Litchfield
• » Re: Question re security- Nuno Souto
• » Re: Question re security- Niall Litchfield
• » Re: Question re security- Hans Forbrich
• » Re: Question re security- Nuno Souto
• » Re: Question re security- Hans Forbrich
• » Re: Question re security- david
• » Re: Question re security- Nuno Souto
• » Re: Question re security- Nuno Souto
• » RE: Question re security- bill thater
• » RE: Question re security- Patterson, Joel
• » Re: Question re security- mohammed bhatti
• » Re: Question re security- Hans Forbrich
• » Re: Question re security- Nuno Souto
• » Re: Question re security- D'Hooge Freek
• » Re: Question re security - Fergal Taheny
• » Re: Question re security- Jeremy Schneider
• » Re: Question re security- Job Miller
• » Re: Question re security- Adric Norris
• » Re: Question re security- Andy Klock
• » Re: Question re security- Hans Forbrich
• » Re: Question re security- Guillermo Alan Bort
• » Re: Question re security- Paresh Yadav
• » Re: Question re security- Nuno Souto
• » Re: Question re security- Nuno Souto
• » Re: Question re security- Nuno Souto
• » Re: Question re security- david
• » Re: Question re security- Nuno Souto
• » Re: Question re security- david
• » Re: Question re security- De DBA
• » Re: Question re security- Nuno Souto
• » Re: Question re security- Nuno Souto
• » Re: Question re security- Hans Forbrich
• » RE: Question re security- bill thater
• » Re: Question re security- De DBA
• » Re: Question re security- Nuno Souto
• » Re: Question re security- John Hurley
• » Re: Question re security- Wayne Smith
• » RE: Question re security- Michael McMullen

1. Home
2. oracle-l
3. Archive
4. 01-2014

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---