Does Oracle OCI function OCIPasswordChange encrypt transmitted password

僤鯓⒐⒋嵵緔 提交于 2019-12-24 05:59:02

问题


I am working on an application that uses Oracle OCI to connect to the Oracle database server. The application allows the user to change their Oracle password and uses Alter User xxx Identified By to perform this.

However, this transmits the user's new password in clear text over the network (we cannot use Oracle SSL to encrypt network traffic). I have found that Oracle recommends using the PASSWORD command in SQLPlus rather than ALTER USER, one reason being that the new password encrypted.

Does the OCI method OCIPasswordChange also encrypt the new password when it is transmitted over the network?

This is using Oracle 10 and 11.


回答1:


Yes, OCIPasswordChange does encrypt the new password sent over the network.

I have now implemented this and done a packet trace. An encrypted AUTH_NEWPASSWORD packet is transmitted to the Oracle database server.



来源:https://stackoverflow.com/questions/19899426/does-oracle-oci-function-ocipasswordchange-encrypt-transmitted-password

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!