#Infosec #ManInTheMiddle #encryption passwords sent in clear text

Did you know when you type commands in sqlplus or sqlcl that include a password; if your network is not encrypted, the password is sent in the clear. In fact, all sql commands are sent in the clear to the database if the network is not encrypted.

Great for a man in the middle attack. Make sure your network is encrypted before you start configuring the Oracle database or sending sql statements for that matter.

<code>
c##sec_adminĀ > administer key management set keystore open identified by SecretPassword;

keystore altered.
</code>

This entry was posted in encryption, infosec. Bookmark the permalink.

Leave a Reply