Mark Mielke wrote:
> Does Oracle really do password checks on the base SQL commands used to
> change an Oracle password? That sounds silly.
In Oracle you can write a stored procedure to check passwords;
it is invoked whenever a user is created or altered.
No matter how you change the password, Oracle can always recover
the plaintext and feed it to the password checking function.
So, unless you use the "Advanced Security" option (extra $$) that
enables you to encrypt network connections, any eavesdropper
with knowledge of Oracle's (secret) encryption algorithms can get
your new password when you change it.
And the DBA can get your password with ease.
Yours,
Laurenz Albe
