Archive for September, 2010

We just found out that Sentrigo was nominated for a Community Choice Award from SQL Server Magazine, as the

Best Security / Auditing / Compliance Product

Of course, if it was based only on the strength of the product, there’s no question we would win :-)
But, since it will be decided based on open voting from the internet, I’d like to ask for your help:
Please go to the link below, and

VOTE FOR SENTRIGO:

Just follow this link:  http://www.surveymonkey.com/s/SQLCommChoiceFinalVoting

And choose Sentrigo Hedgehog Enterprise for item #6
(you may of course vote for any other categories as well…)

So, we all know that Oracle used to be case-insensitive when it came to user names and passwords. We also know that since 11g this is no longer the case: Oracle is, by default, case-sensitive.

The one thing I wanted to point out is that even if you set sec_case_sensitive_logon=false and ignore the case of passwords for backward compatibility, Oracle will still compute the spare4 field (hash) in case you later set the parameter to true.

This means that when you choose passwords, you should choose a mixed-case password even if it does not matter right now, because if an attacker gets access to your hashes, mixing the case will make them harder to break. Remember that calculating the spare4 hash is much faster than the older algorithm (the password field), so an attacker will probably try the spare4 field first.

How many of you are actually using a mixed-case password for Oracle accounts?
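
To check this on your own database, the queries below show the current parameter value and, for each account, whether the older password hash and the spare4 hash are stored. This is an added example, not part of the original post; it assumes Oracle 11g and a session with SELECT access to v$parameter, dba_users and sys.user$. It reports only whether each hash is present, never the hash values.

```sql
-- Added example: run from a privileged session (for instance, as SYSDBA).

-- 1. Is case-sensitive logon currently enforced?
SELECT name, value
FROM   v$parameter
WHERE  name = 'sec_case_sensitive_logon';

-- 2. Which password verifiers are stored for each user account?
--    has_spare4_hash = 'Y' while the parameter above is FALSE is the
--    situation described in the post: the case-sensitive hash exists
--    even though logon currently ignores case.
SELECT d.username,
       d.account_status,
       d.password_versions,
       CASE WHEN u.password IS NOT NULL THEN 'Y' ELSE 'N' END AS has_password_hash,
       CASE WHEN u.spare4   IS NOT NULL THEN 'Y' ELSE 'N' END AS has_spare4_hash
FROM   dba_users d
JOIN   sys.user$ u ON u.name = d.username
WHERE  u.type# = 1          -- users only, not roles
ORDER  BY d.username;
```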