Roger, James, Ed, Rick,
Thanks for your responses...
To the best of my knowledge Encryption between the ARS and the Oracle server was never and isn't as yet supported. This is because when you enable Oracle encryption, the .so file that the installation process needs to be compiled with is not supported with the ARS installer and its binaries. To support this Remedy would need to recompile its installation scripts which to the best of my knowledge wasn't done and isn't done as yet. Yes we do plan to use a sniffer tool to verify what actually happens.
I guess I did not really cleary state my question to the list on my original post - so I'll explain better below....
Basically my customer has raised a few concerns about security which I hope to share with you guys as best as I can. I invite your replies to these questions..:-
1) Is the user name sent as clear text?
2) Is the password sent as clear text?
3) Are both the user name and passwords sent as clear text?
4) Is the encryption a hex or linear conversion of the contents of the password field (and username field)? Or is it a better encrytpion algorithm than that?
5) What is the kind of algorithm that is used for this encryption? Something that an average hacker with standard hacking tools available pretty much as freewares could hack into? Or is it using a proprietry algorithm that hasn't been broken into as yet?
I guess these are more the questions that I would be interested to get answers to.
Joe D'Souza
Remedy Developer / Consultant,
BearingPoint,
Virginia.
