Title: RE: ORA_ENCRYPT_LOGIN
Hmm...after trying to verify password being passed as plain text, I went back to
do some research on metalink, and it looks like encryption of passwords is done
by default in 8.1.5 (Net8) and higher. Only confusion now is whether I need to
set ORA_ENCRYPT_LOGIN
Title: RE: ORA_ENCRYPT_LOGIN
Here is what the docs have to say...
By setting the following values, you can require that the password used to verify a connection always be encrypted:
Set the ORA_ENCRYPT_LOGIN environment variable to TRUE on the client machine.
Set
is not sent
in the clear?
-Original Message-From: MacGregor, Ian A.
[mailto:[EMAIL PROTECTED]]Sent: Tuesday, May 21, 2002 8:18
PMTo: Multiple recipients of list ORACLE-LSubject: RE:
ORA_ENCRYPT_LOGIN
Even
without this parameter being setthe password is encrypted. What the
parameter does
text when the ORA_ENCRYPT_L0ginparameter is set to TRUE. I
believe it will be sent in the clear if the Oracle server side of SQL*NET is
incapable of handling encrypted passwords and ORA_ENCRYPT_LOGIN
is set to false.( I cannot , off the top of my head, remember if the
parameter takes YES
could not say about the net8, but in oracle 7 clients, if the initial login
fails, the client will do the *next*
login attempt using *plain text* as password !!! but if this param is set
to TRUE, all the attempts are
done using an encrypted password.
set ORA_ENCRYPT_LOGIN = TRUE
Title: SQL Server to Oracle DB
Anyone
using this and if so, do you know of a way to verify that the password is
actually being encrypted?
Thanks.
[EMAIL PROTECTED] wrote:
Anyone using this and if so, do you know of a way to verify that the
password is actually being encrypted?
Thanks.
seems like you could put a sniffer on it and watch the data flow by.
--
--
Bill Shrek Thater ORACLE DBA
I'm not using it, but you can look at the packets too and from the
client by setting these lines in the clients sqlnet.ora:
TRACE_LEVEL_CLIENT = 16
TRACE_DIRECTORY_CLIENT = some directory
TRACE_FILE_CLIENT = some file
The output is pretty huge, so you don't want to do this for more than
a
: Tuesday, May 21, 2002 9:34
AMTo: Multiple recipients of list ORACLE-LSubject:
ORA_ENCRYPT_LOGIN
Anyone using this and if so, do you know of a way to
verify that the password is actually being encrypted?
Thanks.