#Infosec #ManInTheMiddle #encryption passwords sent in clear text

Did you know when you type commands in sqlplus or sqlcl that include a password; if your network is not encrypted, the password is sent in the clear. In fact, all sql commands are sent in the clear to the database if the network is not encrypted.

Great for a man in the middle attack. Make sure your network is encrypted before you start configuring the Oracle database or sending sql statements for that matter.

<code>
c##sec_admin > administer key management set keystore open identified by SecretPassword;

keystore altered.
</code>

This entry was posted in encryption, infosec by rlockard. Bookmark the permalink.

About rlockard

Robert Lockard is a professional Oracle Designer, Developer and DBA working in the world of financial intelligence. In 1987 his boss called him into his office and told him that he is now their Oracle Wizard then handed him a stack of Oracle tapes and told him to load it on the VAX. Sense then, Robert has worked exclusively as an Oracle database designer, developer and Database Administrator. Robert enjoys flying vintage aircraft, racing sailboats, photography, and technical diving. Robert owns and fly’s the “Spirit of Baltimore Hon” a restored 1948 Ryan Navion and lives in Glen Burnie Maryland on Marley Creek

Welcome to oraclewizard