True that could be the case. However if we go along that reasoning, one can argue discussing anything to do with auditing or security for that matter help the bad guys. I remember someone posted a plsql script that exploited a oracle vulnerability related to java. That would have been far serious. Personally, I think that is he/she has physical access and sysdba details, its too late to think about such thing. In that case, such worries should be disregarded and assumed that we are responding to a honest user ________________________________ From: oracle-l-bounce@xxxxxxxxxxxxx <oracle-l-bounce@xxxxxxxxxxxxx> To: RStorey@xxxxxxxxxxxxxxxxxx <RStorey@xxxxxxxxxxxxxxxxxx> Cc: oracle-l-freelists <oracle-l@xxxxxxxxxxxxx> Sent: Tue Mar 23 08:19:26 2010 Subject: Re: password not wishing to cast any doubt upon anybody in this case however in similar circumstances how can we be sure we are NOT helping someone HACK into a system? On 23 March 2010 13:07, Storey, Robert (DCSO) <RStorey@xxxxxxxxxxxxxxxxxx<mailto:RStorey@xxxxxxxxxxxxxxxxxx>> wrote: Do you know how it was encrypted? Is the front end using an encryption scheme or a vendor supplied encryption tool? From: oracle-l-bounce@xxxxxxxxxxxxx<mailto:oracle-l-bounce@xxxxxxxxxxxxx> [mailto:oracle-l-bounce@xxxxxxxxxxxxx<mailto:oracle-l-bounce@xxxxxxxxxxxxx>] On Behalf Of Zelli, Brian Sent: Tuesday, March 23, 2010 7:46 AM To: 'Holvoet, Jo'; oracle-l-freelists Subject: RE: password No it is encrypted. ciao, Brian Brian J. Zelli, Ed.M. Sr. Database Administrator Enterprise Application/Systems Integration Information Technology - Roswell Park Cancer Institute phone: (716) 845-4460 email: brian.zelli@xxxxxxxxxxxxxxx<mailto:brian.zelli@xxxxxxxxxxxxxxx> ________________________________ From: Holvoet, Jo [mailto:jo.holvoet@xxxxxxxxxxxxx<mailto:jo.holvoet@xxxxxxxxxxxxx>] Sent: Tuesday, March 23, 2010 8:42 AM To: Zelli, Brian; oracle-l-freelists Subject: RE: password If the apps use it, can’t you find it back on the app side ? If not in the code, then in a config type file maybe ? mvg / regards, Jo Holvoet ________________________________ From: oracle-l-bounce@xxxxxxxxxxxxx<mailto:oracle-l-bounce@xxxxxxxxxxxxx> [mailto:oracle-l-bounce@xxxxxxxxxxxxx<mailto:oracle-l-bounce@xxxxxxxxxxxxx>] On Behalf Of Zelli, Brian Sent: dinsdag 23 maart 2010 13:38 To: oracle-l-freelists Subject: password I lost the password for a schema user that runs applications. I can't change it because it will crash the apps. How can I figure out what it was? Does anyone have a hack script that can reveal it? ciao, Brian This email message may contain legally privileged and/or confidential information. If you are not the intended recipient(s), or the employee or agent responsible for the delivery of this message to the intended recipient(s), you are hereby notified that any disclosure, copying, distribution, or use of this email message is prohibited. If you have received this message in error, please notify the sender immediately by e-mail and delete this email message from your computer. Thank you. This email message may contain legally privileged and/or confidential information. If you are not the intended recipient(s), or the employee or agent responsible for the delivery of this message to the intended recipient(s), you are hereby notified that any disclosure, copying, distribution, or use of this email message is prohibited. If you have received this message in error, please notify the sender immediately by e-mail and delete this email message from your computer. Thank you. -- Howard A. Latham