[WEB SECURITY] Oracle wallet and Oracle password file ency?

Deepak Dhyani deepakdhyani.cs at gmail.com
Mon Aug 18 05:34:07 EDT 2014


I want to understand how oracle(11g) stores passwords in files.

1)Password files authentication(SYS auth). How credentials are ency/hashed
in files? How it works internally.

2)Oracle wallet (it uses 3DES I guess) . For autologin how it secures the
password? where it stores the keys etc. Looks like it's just files
permissions based security but want to understand internals.

Any pointers?

for DB user authetication it uses salted hash which is fine.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20140818/3e4b2bf7/attachment.html>

More information about the websecurity mailing list