Evony Guides and Help
Trik Forum - RuneScape Forum  
Register Forum Homepage Members Mark Forums Read


Trik Members: 34,705 | Total Posts: 134,006 | Total Threads: 25,847
Welcome to our newest member, ahr1mz.
Go Back   Trik Forum - RuneScape Forum > Off-Topic > General Discussion
Reload this Page Oracle 11G's Strong Verifier and Case Sensitive Password
Home Music Donate! Most Active
General Discussion Feel free to talk about anything and everything in here.


Reply
 
Thread Tools Display Modes
Oracle 11G's Strong Verifier and Case Sensitive Password
Old
  (#1)
Felty69 is Offline
Private
Felty69 is an unknown quantity at this point
 
Posts: 1
Join Date: Jul 2008
   
Default Oracle 11G's Strong Verifier and Case Sensitive Password - 07-12-2008, 02:04 AM
As an Oracle DBA, you probably have heard a lot about the new security features in Oracle 11G such as database vault, audit vault, strong verifier, enhanced ASO, etc. But with a busy schedule, how do you find the time to study all the topics in depth? Are all of them going to affect your daily DBA operations? What should you know first and foremost? Of course, depending on the particular database you are administering, you will have your unique need. But as a rule of thumb, what tends to affect you the most is almost never those cool new features. The reason is simple: if you don't use them, they won't affect you. What tends to affect you is the change in the existing features that might lead to compatibility or interoperability issues. When that script you have used for years suddenly stops working, you will be disappointed. When your boss or above calls to ask what happened, you could feel terrible.

In this article, we discuss the new password case sensitivity feature in 11G. Every Oracle session starts with authentication. If the authentication fails at the beginning of any Professional website design script, everything that follows will almost certainly be broken. So what was changed, why, and what should you know?

I'll start with a primer on password verifier. As you probably know, for security reasons, Oracle user's passwords are never stored as clear text. Instead, they are stored as a "verifier", a one-way hash value calculated from the clear text password. Hash verifier has a few unique features. One, it is "one-way": It is easy to calculate the hash value from a clear text password, but it is nearly impossible to figure out the clear text password from a hash value. Two, different clear texts almost never yield the same hash value (called collision). These features allow Oracle database to store the hash value of a user's password as a surrogate for the clear text password. When a user provides a password to logon, Oracle calculates the hash value from that password, and allows the user to logon if it matches the hash value that is stored in the database. To get a feel what an Oracle verifier looks like, take a look at the PASSWORD column in the user$ table in SYS schema (of course, you will need SYSDBA privilege to do that).
  
Reply With Quote Share with Facebook
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off




======================================================================================== ---------------------------------------------------------------------------------------- ========================================================================================

Your Ad Here

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.
Copyright © Trik.com

Trik.com Forum - The World You Want - Sitemap - Privacy Statement - Top