We will look at two aspects of it:
1. How does the password move over the network?
2. Is the password stored in encrypted format in the redo logs?
How does the password move over the network?
In sqlnet.ora, add the following parameters:
TRACE_LEVEL_SERVER = SUPPORT
TRACE_DIRECTORY_SERVER = /u01/product/10.2/network/trace
This will create a sqlnet.trc file under /u01/product/10.2/network/trace.
Now, if you change the password of any user, for example:
ALTER USER TEST IDENTIFIED BY TEST;
the trace file will capture the statement like this:
[000001 24-SEP-2008 13:29:33:535] nsprecv: 01 10 1F 93 A8 24 61 6C .....$al
[000001 24-SEP-2008 13:29:33:535] nsprecv: 74 65 72 20 75 73 65 72 ter.user
[000001 24-SEP-2008 13:29:33:535] nsprecv: 20 74 65 73 74 31 20 69 .test1.i
[000001 24-SEP-2008 13:29:33:535] nsprecv: 64 65 6E 74 69 66 69 65 dentifie
[000001 24-SEP-2008 13:29:33:535] nsprecv: 64 20 62 79 20 74 65 73 d.by.tes
[000001 24-SEP-2008 13:29:33:535] nsprecv: 74 31 00 00 00 01 00 00 t1......
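This shows that the password is transferred in an unencrypted format. We can disable the creation of the sqlnet.trc file by setting the parameter TRACE_LEVEL_SERVER to OFF, but that only stops the trace from being written; it does not change how the statement travels over the network.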
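An added example, not code from the original post: a short Python check that rebuilds the byte stream from the hex column of the nsprecv dump lines and flags ALTER USER ... IDENTIFIED BY statements. A plain text search for "identified by" misses them because the dump splits the statement across 8-byte lines and prints spaces as dots. The function names are assumptions of this example; the sample is the trace excerpt shown above.

```python
import re

# Trace excerpt copied from the post above; every other name here is an assumption of this example.
SAMPLE_TRACE = """\
[000001 24-SEP-2008 13:29:33:535] nsprecv: 01 10 1F 93 A8 24 61 6C .....$al
[000001 24-SEP-2008 13:29:33:535] nsprecv: 74 65 72 20 75 73 65 72 ter.user
[000001 24-SEP-2008 13:29:33:535] nsprecv: 20 74 65 73 74 31 20 69 .test1.i
[000001 24-SEP-2008 13:29:33:535] nsprecv: 64 65 6E 74 69 66 69 65 dentifie
[000001 24-SEP-2008 13:29:33:535] nsprecv: 64 20 62 79 20 74 65 73 d.by.tes
[000001 24-SEP-2008 13:29:33:535] nsprecv: 74 31 00 00 00 01 00 00 t1......
"""

# A dump line as shown in the post: "] nsprecv: " then up to 8 hex byte pairs.
DUMP_LINE = re.compile(r"\]\s+nsprecv:\s+((?:[0-9A-Fa-f]{2} ){1,8})")

# Password-setting statement inside the reassembled payload (bytes, case-insensitive).
STATEMENT = re.compile(
    rb"alter\s+user\s+(\S+)\s+identified\s+by\s+([^\s\x00;]+)", re.IGNORECASE
)


def payload_bytes(trace_text):
    """Rebuild the received byte stream from the hex column of the dump lines."""
    out = bytearray()
    for line in trace_text.splitlines():
        m = DUMP_LINE.search(line)
        if m:
            out += bytes.fromhex(m.group(1))  # fromhex skips the separating spaces
    return bytes(out)


def find_exposed_passwords(trace_text):
    """Return (user, password_length) per statement; the password itself is never returned."""
    hits = []
    for m in STATEMENT.finditer(payload_bytes(trace_text)):
        user = m.group(1).decode("ascii", "replace")
        hits.append((user, len(m.group(2))))
    return hits


if __name__ == "__main__":
    for user, length in find_exposed_passwords(SAMPLE_TRACE):
        print(f"cleartext password ({length} chars) for user {user} found in trace")
```

Run it over existing trace files to decide which ones need to be purged or access-restricted after tracing is switched off.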
Is the password stored in encrypted format in the redo logs?
Yes, the password stored in the redo logs is in encrypted format, although we should still avoid simple passwords that can be cracked easily.
Thursday, January 14, 2010