Re: Question re security

• From: Nuno Souto <dbvision@xxxxxxxxxxxx>
• To: oracle-l@xxxxxxxxxxxxx
• Date: Mon, 20 Jan 2014 19:55:28 +1100

On 20/01/2014 12:11 PM, david@xxxxxxxxxxxxxxxxxxxx wrote:

The hash has never been passed over the wire - I describe in detail how authentication works in the Oracle Hacker's Handbook in Chapter 4. Here's an online copy: http://books.google.com.au/books?id=cDy2_QoQplEC&lpg=PA43&ots=5tygnUMzKQ&dq=oracle%20authentication%20process%20litchfield&pg=PA43#v=onepage&q=oracle%20authentication%20process%20litchfield&f=false

Thanks, Unfortunately, that online reference ends before the really relevant bit is shown. But the gist is: the hash is not sent online on 1521, nor the pwd. Something else is. It can be intercepted and decoded *IF* one knows which port to listen for, waiting for a "change port" and then follow on. As such, changing the initial port is a good annoyance value: it makes finding which port the real "meat" is in slightly harder to find. In these days of supercomputer-class desktops, it shouldn't be too hard, though.

I know about all the other secure authentication methods.

Good luck making them work with minimal maintenance in a constantly changing user universe... Ah well, what can I say other than: it's Oracle "security": simple for hackers, a nightmare for those who have to maintain it....

--
Cheers
Nuno Souto
dbvision@xxxxxxxxxxxx

--
//www.freelists.org/webpage/oracle-l

• Follow-Ups:
  • Re: Question re security
    • From: david
  • Re: Question re security
    • From: De DBA

• References:
  • RE: Question re security
    • From: bill thater
  • RE: Question re security
    • From: Patterson, Joel
  • Re: Question re security
    • From: mohammed bhatti
  • Re: Question re security
    • From: Nuno Souto
  • Re: Question re security
    • From: Fergal Taheny
  • Re: Question re security
    • From: Nuno Souto
  • Re: Question re security
    • From: david

Other related posts:

• » Question re security- Nuno Souto
• » Re: Question re security- Niall Litchfield
• » Re: Question re security- Nuno Souto
• » Re: Question re security- Niall Litchfield
• » Re: Question re security- Hans Forbrich
• » Re: Question re security- Nuno Souto
• » Re: Question re security- Hans Forbrich
• » Re: Question re security- david
• » Re: Question re security- Nuno Souto
• » Re: Question re security- Nuno Souto
• » RE: Question re security- bill thater
• » RE: Question re security- Patterson, Joel
• » Re: Question re security- mohammed bhatti
• » Re: Question re security- Hans Forbrich
• » Re: Question re security- Nuno Souto
• » Re: Question re security- D'Hooge Freek
• » Re: Question re security- Fergal Taheny
• » Re: Question re security- Jeremy Schneider
• » Re: Question re security- Job Miller
• » Re: Question re security- Adric Norris
• » Re: Question re security- Andy Klock
• » Re: Question re security- Hans Forbrich
• » Re: Question re security- Guillermo Alan Bort
• » Re: Question re security- Paresh Yadav
• » Re: Question re security- Nuno Souto
• » Re: Question re security- Nuno Souto
• » Re: Question re security- Nuno Souto
• » Re: Question re security- david
• » Re: Question re security - Nuno Souto
• » Re: Question re security- david
• » Re: Question re security- De DBA
• » Re: Question re security- Nuno Souto
• » Re: Question re security- Nuno Souto
• » Re: Question re security- Hans Forbrich
• » RE: Question re security- bill thater
• » Re: Question re security- De DBA
• » Re: Question re security- Nuno Souto
• » Re: Question re security- John Hurley
• » Re: Question re security- Wayne Smith
• » RE: Question re security- Michael McMullen

1. Home
2. oracle-l
3. Archive
4. 01-2014

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---