Skip to Main Content

Breadcrumb

Question and Answer

Tom Kyte

Thanks for the question, Balu.

Asked: October 10, 2011 - 8:39 am UTC

Last updated: October 10, 2011 - 11:00 am UTC

Version: 10.0.1

Viewed 1000+ times

You Asked

While searching for password encryption I came across these statements.
1.Password Encryption While Connecting. This protection is always in force, by default. Passwords are always automatically and transparently encrypted during network (client/server and server/server) connections, using a modified DES (Data Encryption Standard) or 3DES algorithm, before sending them across the network.
Ref: http://download.oracle.com/docs/cd/B12037_01/network.101/b10773/authmeth.htm#1006343

Please confirm whether by default oracle encrypts the password before sending it to the database across the network even when the clear text password is used for connecting from a jdbc client.

Thanks In Advance
Balu Nair

and Tom said...

that is what the documentation says - the password is always encrypted when sent from client to server - regardless of what the client is - jdbc, odbc, whatever - they send the password encrypted.

Is this answer out of date? If it is, please let us know via a Comment
more

Connor and Chris don't just spend all day on AskTOM. You can also catch regular content via Connor's blog and Chris's blog. Or if video is more your thing, check out Connor's latest video and Chris's latest video from their Youtube channels. And of course, keep up to date with AskTOM via the official twitter account.