Exactly as defined in "Understanding SQL*Net" Oracle documentation part number A42484-1. The reason given, is when talking with older SQL*Net servers the password was passed in the clear. Newer SQL*Net servers understand encrypted passwords. Properly configured SQL*Net networks done by a trained DBA will never leave unencrypted password transmission enabled in the Oracle Network Manager software. The reason why the password is sent in clear text is to support "operating system authenticated logins". Usually the password is "/" in this case. Solution: get your university to configure their Oracle installations to not support plaintext passwords. Andy Finkenstadt oracle guru http://support.us.oracle.com has more information about Oracle. Yaron Yanay wrote: > So the protocol is: > > 1) sending username > 2) if username is invalid: > a) send password in clear text > if username is valid: > b) send encrypted password. > if password is incorrect: > send the password again in _clear text_ > > I hope this will be fixed soon by the company (if anyone knows how to > notify them, please do).
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:14:33 PDT