-none- 2004-08-06 - By -not available-
By setting the following values, you can require that the password used =
to=20
verify a connection always be encrypted:=20
Set the ORA_ENCRYPT_LOGIN environment variable to TRUE on the client=20
machine.=20
Set the DBLINK_ENCRYPT_LOGIN server initialization parameter to TRUE.=20
If enabled at both the client and server, passwords will not be sent=20
across the network "in the clear ", but will be encrypted using a =
modified=20
DES (Data Encryption Standard) algorithm.=20
The DBLINK_ENCRYPT_LOGIN initialization parameter is used for =
connections=20
between two Oracle servers (for example, when performing distributed=20
queries). If you are connecting from a client, Oracle checks the=20
ORA_ENCRYPT_LOGIN environment variable.=20
Whenever you attempt to connect to a server using a password, Oracle=20
encrypts the password before sending it to the server. If the connection =
fails and auditing is enabled, the failure is noted in the audit log.=20
Oracle then checks the appropriate DBLINK_ENCRYPT_LOGIN or=20
ORA_ENCRYPT_LOGIN value. If it set to FALSE, Oracle attempts the=20
connection again using an unencrypted version of the password. If the=20
connection is successful, the connection replaces the previous failure =
in=20
the audit log, and the connection proceeds. To prevent malicious users=20
from forcing Oracle to re-attempt a connection with an unencrypted =
version=20
of the password, you must set the appropriate values to TRUE.=20
-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
To unsubscribe send email to: oracle-l-request@(protected)
put 'unsubscribe ' in the subject line.
--
Archives are at http://www.freelists.org/archives/oracle-l/
FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html
-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- --
|
|
