While searching for password encryption I came across these statements.
1.Password Encryption While Connecting. This protection is always in force, by default. Passwords are always automatically and transparently encrypted during network (client/server and server/server) connections, using a modified DES (Data Encryption Standard) or 3DES algorithm, before sending them across the network.
Ref:
http://download.oracle.com/docs/cd/B12037_01/network.101/b10773/authmeth.htm#1006343 Please confirm whether by default oracle encrypts the password before sending it to the database across the network even when the clear text password is used for connecting from a jdbc client.
Thanks In Advance
Balu Nair
that is what the documentation says - the password is always encrypted when sent from client to server - regardless of what the client is - jdbc, odbc, whatever - they send the password encrypted.