Secure database access
On Wednesday 01 May 2002 6:23 am, Ing Soc wrote:
This scenario transfers unencrypted zope passwords over your internal network. Is this a problem? If yes you might be better with a topology
The internal network is trusted in this context, so not, it doesn't matter.
Yes, that is the key difference that makes your proposed topology secure.
However, I would be surprised if the Oracle client software would transmit plaintext passwords. Surely not in this day and age!
I didnt mean the password that zope provides to oracle, but rather the passwords that your users provide to zope (via apache). Yes, they are plaintext.
From: "Toby Dickenson" <tdickenson@geminidataloggers.com>
Yes, that is the key difference that makes your proposed topology secure.
However, I would be surprised if the Oracle client software would transmit plaintext passwords. Surely not in this day and age!
I didnt mean the password that zope provides to oracle, but rather the passwords that your users provide to zope (via apache). Yes, they are plaintext.
and actualy, unless you use Oracle's Advanced Networking Option, SQL*Net will not encrypt anything... /dario - -------------------------------------------------------------------- Dario Lopez-Kästen, dario@ita.chalmers.se IT Systems & Services System Developer/System Administrator Chalmers University of Tech.
participants (2)
-
Dario Lopez-Kästen -
Toby Dickenson