Re: passwords case sensitive
> >You could use it to enforce all lowercase, or init caps. > >Jared Hi Jared, You could do as you suggest and enforce all to lowercase or initcaps but what is the point?, Oracle is not case sensitive for passwords even when the password is set using quotes. See for example: SQL> connect system/[EMAIL PROTECTED] Connected. SQL> -- create a user no quotes lower case SQL> create user jared identified by jared; User created. SQL> select password from dba_users where username='JARED'; PASSWORD -- C142CAC4DE964694 SQL> -- change the password, no quotes upper case SQL> alter user jared identified by JARED; User altered. SQL> select password from dba_users where username='JARED'; PASSWORD -- C142CAC4DE964694 SQL> -- change the password, no quotes initcap SQL> alter user jared identified by Jared; User altered. SQL> select password from dba_users where username='JARED'; PASSWORD -- C142CAC4DE964694 SQL> -- try now with quotes, upper case SQL> alter user jared identified by "JARED"; User altered. SQL> select password from dba_users where username='JARED'; PASSWORD -- C142CAC4DE964694 SQL> -- with quotes, lower case SQL> alter user jared identified by "jared"; User altered. SQL> select password from dba_users where username ='JARED'; PASSWORD -- C142CAC4DE964694 SQL> -- with quotes initcap SQL> alter user jared identified by "Jared"; User altered. SQL> select password from dba_users where username='JARED'; PASSWORD -- C142CAC4DE964694 As yu can no doubt see the hash is the same no matter what case is used and also even if the password is encased in quotes. This seems to defy the logic of using quotes as doing so allows the use of any character such as: SQL> alter user jared identified by "£$%^"; User altered. SQL> select password from dba_users where username='JARED'; PASSWORD -- 8248DF340D98455E SQL> connect jared/"£$%^"@zulia ERROR: ORA-01045: user JARED lacks CREATE SESSION privilege; logon denied Warning: You are no longer connected to ORACLE. SQL> connect system/[EMAIL PROTECTED] Connected. SQL> grant create session to jared; Grant succeeded. SQL> connect jared/"£$%^"@zulia Connected. SQL> why then if it allows the whole character set including control characters does it change make ASCII letters case insensitive? Anyway the point is from above the original OP cannot force a password to be case sensitive as Oracle does not recognise case for passwords. kind regards Pete -- Pete Finnigan email:[EMAIL PROTECTED] Web site: http://www.petefinnigan.com - Oracle security audit specialists Book:Oracle security step-by-step Guide - see http://store.sans.org for details. -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Pete Finnigan INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: Passed Net8 OCP Exam
Congrats dennis - Original Message - To: "Multiple recipients of list ORACLE-L" <[EMAIL PROTECTED]> Sent: Friday, October 17, 2003 00:54 > I just passed the Net8 Administration OCP exam. This was my last exam, so I > suppose I am now an OCP for Oracle8i. >Thanks to everyone for their helpful tips. Some people said (or implied) > that this is a very easy exam. I would dispute that. I found it just like > the other exams, in that if you have quite a bit of on-the-job experience in > the area, then it is easy. If not, you'll have to study more. In my case, >- I don't like networking, and hate to drop everything to configure or > debug someone's tnsnames.ora file. >- Never had an Oracle networking class. >- Our site has only needed local naming, so that is pretty much all my > networking experience. Found all the questions related to local naming > pretty easy. Never used Oracle Names, Connection Manager, MTS, Advanced > Security. With the trend toward application servers with their connection > pooling feature, I don't foresee us using any of those Oracle tools. I may > need to use LDAP in the future, but that wasn't covered in the Oracle8i Net8 > exam > My goal was just to study and practice enough to practice the exam, and I > accomplished the goal. Not a very lofty goal, but sometimes you do what you > gotta do. Thanks everyone for the helpful suggestions. > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.net > -- > Author: DENNIS WILLIAMS > INET: [EMAIL PROTECTED] > > Fat City Network Services-- 858-538-5051 http://www.fatcity.com > San Diego, California-- Mailing list and web hosting services > - > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). > -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: <[EMAIL PROTECTED] INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: How to add ' (comma) at the begining and end of each line? Either Unix or Windows
Use the 'search and replace' functionality of ultraedit with 'regular expressions' enabled. First select 'replace all' for replacing % with ' Then select 'replace all' for replacing $ with ' - Original Message - To: "Multiple recipients of list ORACLE-L" <[EMAIL PROTECTED]> Sent: Thursday, October 16, 2003 19:50 Unix or Windows > Hi List > > I have 1000 lines in my data file. I want to add > '(comma) at the begining and end of each line. > > For example, > > abf > jd > djkhk > jd3 > > Shold be convrted to > > 'abf', > 'jd', > 'djkhk', > 'jd3', > > Any help will be really appreciated. > > Thanks > Sami > > __ > Do you Yahoo!? > The New Yahoo! Shopping - with improved product search > http://shopping.yahoo.com > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.net > -- > Author: Oracle DBA > INET: [EMAIL PROTECTED] > > Fat City Network Services-- 858-538-5051 http://www.fatcity.com > San Diego, California-- Mailing list and web hosting services > - > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). > -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: <[EMAIL PROTECTED] INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: passwords case sensitive
Thanks Pete. 'twould be nice if Oracle allowed a package for complete control over the password. Doesn't seem to likely now though with so many authentication alternatives. Jared On Sun, 2003-10-19 at 02:35, Pete Finnigan wrote: > > > >You could use it to enforce all lowercase, or init caps. > > > >Jared > > Hi Jared, > > You could do as you suggest and enforce all to lowercase or initcaps but > what is the point?, Oracle is not case sensitive for passwords even when > the password is set using quotes. See for example: > > SQL> connect system/[EMAIL PROTECTED] > Connected. > SQL> -- create a user no quotes lower case > SQL> create user jared identified by jared; > > User created. > > SQL> select password from dba_users where username='JARED'; > > PASSWORD > -- > C142CAC4DE964694 > > SQL> -- change the password, no quotes upper case > SQL> alter user jared identified by JARED; > > User altered. > > SQL> select password from dba_users where username='JARED'; > > PASSWORD > -- > C142CAC4DE964694 > > SQL> -- change the password, no quotes initcap > SQL> alter user jared identified by Jared; > > User altered. > > SQL> select password from dba_users where username='JARED'; > > PASSWORD > -- > C142CAC4DE964694 > > SQL> -- try now with quotes, upper case > SQL> alter user jared identified by "JARED"; > > User altered. > > SQL> select password from dba_users where username='JARED'; > > PASSWORD > -- > C142CAC4DE964694 > > SQL> -- with quotes, lower case > SQL> alter user jared identified by "jared"; > > User altered. > > SQL> select password from dba_users where username ='JARED'; > > PASSWORD > -- > C142CAC4DE964694 > > SQL> -- with quotes initcap > SQL> alter user jared identified by "Jared"; > > User altered. > > SQL> select password from dba_users where username='JARED'; > > PASSWORD > -- > C142CAC4DE964694 > > As yu can no doubt see the hash is the same no matter what case is used > and also even if the password is encased in quotes. This seems to defy > the logic of using quotes as doing so allows the use of any character > such as: > > SQL> alter user jared identified by "£$%^"; > > User altered. > > SQL> select password from dba_users where username='JARED'; > > PASSWORD > -- > 8248DF340D98455E > > SQL> connect jared/"£$%^"@zulia > ERROR: > ORA-01045: user JARED lacks CREATE SESSION privilege; logon denied > > > Warning: You are no longer connected to ORACLE. > SQL> connect system/[EMAIL PROTECTED] > Connected. > SQL> grant create session to jared; > > Grant succeeded. > > SQL> connect jared/"£$%^"@zulia > Connected. > SQL> > > why then if it allows the whole character set including control > characters does it change make ASCII letters case insensitive? > > Anyway the point is from above the original OP cannot force a password > to be case sensitive as Oracle does not recognise case for passwords. > > kind regards > > Pete > -- > Pete Finnigan > email:[EMAIL PROTECTED] > Web site: http://www.petefinnigan.com - Oracle security audit specialists > Book:Oracle security step-by-step Guide - see http://store.sans.org for details. > > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.net > -- > Author: Pete Finnigan > INET: [EMAIL PROTECTED] > > Fat City Network Services-- 858-538-5051 http://www.fatcity.com > San Diego, California-- Mailing list and web hosting services > - > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). > -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Jared Still INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
i want to change my terminal type in oracle.
i want to change my terminal type in oracle. is there a parameter that i have to change? what is this oraterm.r file? -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
does anyone know how to add terminal type in oracle unix?
does anyone know how to add terminal type in oracle unix? how do you use oraterm and otgen? thanks. -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Patch Set 3 Version 9.2.0.4.0 for Linux x86 that makes use of a buffer overflow
Hi, is there any workaround concerning this: http://packetstormsecurity.nl/filedesc/oracle_ownage.c.html TIA gbWant to chat instantly with your online friends? Get the FREE Yahoo! Messenger
Data Transfer between two instances
Hi all, we have an application which needs data from other environment (which is actually SAP db). Currently we have implemented it the way we create flat files and put them in using pl/sql -procedures but I don't like this because the data in the flat files are "visible" and it is somehow "secret". What other options we might have if we do not want to use db links (because of its slowness. I very much appreciate all your suggestions... TIA gbWant to chat instantly with your online friends? Get the FREE Yahoo! Messenger
Re: Data Transfer between two instances
That is actually what external procedures were made for. So, here is how I would do it: I would create a set of C programs which would ask the server process on the SAP DB side for the data and then deliver that data back to oracle. You have a myriad of means for communication between the processes: - Pipes Most traditional and primitive, but very easy to probram. Also, pipes are limited in scope because they cannot handle network. There are tricks with named pipes and NFS, but those are perversions of Tao and those who use them will be rewarded by having to use winsock for all eternity. - Sockets. They're easy to program and to implement, they handle network well, but the problem lies within the unix file paradigm they use. Sockets treat every transfer as an amorph mass of bytes and do not impose any structure on what's transimitted/received. - Messaging systems. IBM MQ Series, TIBCO Rendesvouz, Oracle's own AQ stuff. Those systems impose structure but are, generally speaking, less performant then sockets or pipes. - Shared memory and System V IPC, combined with mmap. That is absolutely the fastest way to do such things, but also the hardest one to program. In essence, two programs map ("attach") the same shared memory buffer and they use it to communicate among themselves. The programmer is responsible for synchronizing access and singalling. You should really get "Unix Network Programming" written by Richard Stevens. Both volumes together cost around $140 but are well worth it. - CORBA and TP monitor stuff. TP monitors (I worked with the two most popular TP monitors, IMS and CICS in the 80's and I'm grateful to the Lord in heaven that I don't have to that any more. Hallelujah!). TP monitors often have proprietary means of communication between transactions. I dunno much about CORBA, but my impressions are that it will be rady for prime time sometimes in the year 2525 (I love 106.8 light FM, radio with most music and least talk). To make things even better, both vendors support some of the products listed above (CORBA, TP monitors, messaging systems) on the marketing level. If I were you, and if there weren't gigabytes of information to transfer in a secure fashion over WAN, I'd stick with pipes or sockets. On 2003.10.20 01:39, Gunnar Berglund wrote: Hi all, we have an application which needs data from other environment (which is actually SAP db). Currently we have implemented it the way we create flat files and put them in using pl/sql -procedures but I don't like this because the data in the flat files are "visible" and it is somehow "secret". What other options we might have if we do not want to use db links (because of its slowness. I very much appreciate all your suggestions... TIA gb - Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger -- Mladen Gogala Oracle DBA -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Mladen Gogala INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).