Great hint, Thank you. Is there a way to avoid(/defer) clear-text-passwords when Creating users ? -----Original Message----- From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx]On Behalf Of Pete Finnigan Sent: Sunday, March 14, 2004 1:14 PM To: oracle-l@xxxxxxxxxxxxx Subject: passwords in clear text and password protected roles bypass Hi Everyone, Further to Nuno's question last week I have just put two short papers on my website, the first discussing clear text password transmissions when changing a users password in the database which i showed in my post last and the second discussing the same issue with set role {blah} identified by {blah}. The second paper also discusses an issue I found whereby you can bypass the password protection assigned to a role. Both papers describe the issues and also suggest possible solutions. The papers are available from: http://www.petefinnigan.com/ramblings/passwords_in_clear_text.htm and http://www.petefinnigan.com/ramblings/issues_with_roles_and_passwords.ht m Hope you find them useful. kind regards Pete -- Pete Finnigan email:pete@xxxxxxxxxxxxxxxx Web site: http://www.petefinnigan.com - Oracle security audit specialists Book:Oracle security step-by-step Guide - see http://store.sans.org for details. ---------------------------------------------------------------- Please see the official ORACLE-L FAQ: http://www.orafaq.com ---------------------------------------------------------------- To unsubscribe send email to: oracle-l-request@xxxxxxxxxxxxx put 'unsubscribe' in the subject line. -- Archives are at //www.freelists.org/archives/oracle-l/ FAQ is at //www.freelists.org/help/fom-serve/cache/1.html ----------------------------------------------------------------- ---------------------------------------------------------------- Please see the official ORACLE-L FAQ: http://www.orafaq.com ---------------------------------------------------------------- To unsubscribe send email to: oracle-l-request@xxxxxxxxxxxxx put 'unsubscribe' in the subject line. -- Archives are at //www.freelists.org/archives/oracle-l/ FAQ is at //www.freelists.org/help/fom-serve/cache/1.html -----------------------------------------------------------------