OCI8 is the login info clear text?

Anon

Is the login information when connecting to Oracle via oci8 clear text or is it encrypted?
I just assumed that it was using sqlnet and then assuming that it is encrypted. Thanks for any info.

Thanks.

Anon

From the PHP4 OCI8 library to the Oracle8 client OCI functions, the password is passed as a string so it is in memory as clear text. If someone broke into your machine and had the right tools, they could scan the memory of the machine for passwords. This is an unlikely situation, but still theoretically possible.

From the Oracle8 client OCI functions to the database server over SQLNet (now called Net8), the password is encrypted to varying degrees depending on how you've configured SQLNet.

For the security mavens, there is "Oracle Advanced Security" info at http://www.oracle.com/ip/deploy/database/8i/index.html?advsec.html

-- Michael
Darkstreak Consulting
www.darkstreak.com