Re: passwords in clear text and password protected roles bypass
- From: Pete Finnigan <oracle_list@xxxxxxxxxxxxxxxxxxxxxxxxx>
- To: oracle-l@xxxxxxxxxxxxx
- Date: Mon, 15 Mar 2004 20:46:57 +0000
In article <0HUM00CKWSBVWE@xxxxxxxxxxxxxxxx>, Ravi Kulkarni
<kulkarni.ravi@xxxxxxx> writes
>Great hint, Thank you.
>Is there a way to avoid(/defer) clear-text-passwords when Creating users ?
Hi,
When creating users the password is also sent in clear text. I have
added another new "short" page to my site for this scenario. Two
thoughts spring to mind, either encrypt the connection or set the
password to "password" and set it to be expired so that the user needs
to set a new password using the "password" function or better set it to
expired and locked.
the new page is
http://www.petefinnigan.com/ramblings/create_user_in_clear_text.htm
Thanks Ravi
kind regards
Pete
--
Pete Finnigan
email:pete@xxxxxxxxxxxxxxxx
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.
----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to: oracle-l-request@xxxxxxxxxxxxx
put 'unsubscribe' in the subject line.
--
Archives are at //www.freelists.org/archives/oracle-l/
FAQ is at //www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------
Other related posts:
