Put DBMS_RANDOM in the script. Be warned, that may produce random results. On 03/15/2004 01:50:42 PM, Ravi Kulkarni wrote: > Great hint, Thank you. > Is there a way to avoid(/defer) clear-text-passwords when Creating users ? > > > -----Original Message----- > From: oracle-l-bounce@xxxxxxxxxxxxx > [mailto:oracle-l-bounce@xxxxxxxxxxxxx]On Behalf Of Pete Finnigan > Sent: Sunday, March 14, 2004 1:14 PM > To: oracle-l@xxxxxxxxxxxxx > Subject: passwords in clear text and password protected roles bypass > > > Hi Everyone, > > Further to Nuno's question last week I have just put two short papers on > my website, the first discussing clear text password transmissions when > changing a users password in the database which i showed in my post last > and the second discussing the same issue with set role {blah} identified > by {blah}. > > The second paper also discusses an issue I found whereby you can bypass > the password protection assigned to a role. Both papers describe the > issues and also suggest possible solutions. The papers are available > from: > > http://www.petefinnigan.com/ramblings/passwords_in_clear_text.htm > and > http://www.petefinnigan.com/ramblings/issues_with_roles_and_passwords.ht > m > > Hope you find them useful. > > kind regards > > Pete > -- > Pete Finnigan > email:pete@xxxxxxxxxxxxxxxx > Web site: http://www.petefinnigan.com - Oracle security audit specialists > Book:Oracle security step-by-step Guide - see http://store.sans.org for > details. > > ---------------------------------------------------------------- > Please see the official ORACLE-L FAQ: http://www.orafaq.com > ---------------------------------------------------------------- > To unsubscribe send email to: oracle-l-request@xxxxxxxxxxxxx > put 'unsubscribe' in the subject line. > -- > Archives are at //www.freelists.org/archives/oracle-l/ > FAQ is at //www.freelists.org/help/fom-serve/cache/1.html > ----------------------------------------------------------------- > > ---------------------------------------------------------------- > Please see the official ORACLE-L FAQ: http://www.orafaq.com > ---------------------------------------------------------------- > To unsubscribe send email to: oracle-l-request@xxxxxxxxxxxxx > put 'unsubscribe' in the subject line. > -- > Archives are at //www.freelists.org/archives/oracle-l/ > FAQ is at //www.freelists.org/help/fom-serve/cache/1.html > ----------------------------------------------------------------- > ---------------------------------------------------------------- Please see the official ORACLE-L FAQ: http://www.orafaq.com ---------------------------------------------------------------- To unsubscribe send email to: oracle-l-request@xxxxxxxxxxxxx put 'unsubscribe' in the subject line. -- Archives are at //www.freelists.org/archives/oracle-l/ FAQ is at //www.freelists.org/help/fom-serve/cache/1.html -----------------------------------------------------------------