Oracle Passwords
There's an article discussing how you can crack an Oracle password in about 4 minutes. I've scanned the article and Oracle's password system isn't as bad as I might have thought, but it's pretty bad. The big no-nos were using the user name as the salt (instead of a random value) and forcing the password to uppercase. This greatly simplifies the process of finding the password through brute force.
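The two flaws named above, shown next to a corrected design, as an added sketch that is not from the article or from Oracle's code. SHA-256 and PBKDF2 are stand-ins for the real algorithms, and the function names, the sample account and the 8-character alphanumeric alphabet are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def weak_hash(username, password):
    # Flawed design from the post: the salt is the user name and the password
    # is forced to uppercase. SHA-256 is a stand-in, not Oracle's algorithm.
    return hashlib.sha256((username + ":" + password.upper()).encode()).hexdigest()

def strong_hash(password, salt=None):
    # Corrected design: random per-account salt, case preserved, slow KDF.
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_strong(password, salt, digest):
    # Constant-time comparison of the recomputed digest with the stored one.
    return hmac.compare_digest(strong_hash(password, salt)[1], digest)

def keyspace(alphabet_size, max_len):
    # Number of candidate passwords of length 1..max_len.
    return sum(alphabet_size ** n for n in range(1, max_len + 1))

if __name__ == "__main__":
    # Constructed sample account, "stored" on two unrelated databases.
    db_a = weak_hash("SCOTT", "Tiger")
    db_b = weak_hash("SCOTT", "tiger")
    # Same user name means same salt, so one precomputed table fits every site.
    print("weak: same hash on both systems:", db_a == db_b)

    salt_a, digest_a = strong_hash("Tiger")
    salt_b, digest_b = strong_hash("Tiger")
    print("strong: same hash on both systems:", digest_a == digest_b)
    print("strong: wrong case accepted:", verify_strong("TIGER", salt_a, digest_a))

    # Assumed alphabet: letters and digits, passwords up to 8 characters.
    shrink = keyspace(62, 8) // keyspace(36, 8)
    print("uppercasing shrinks the search space by a factor of about", shrink)
```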
I like bashing Oracle, since:
- When I first encountered Oracle I had to write connectivity in C++ to get to Oracle (back in 94 or so). I had already done the connectivity to DB-Library and to ODBC and found Oracle's the most problematic.
- Oracle makes the most money of any database out there yet their documentation is rather pathetic.
- Postgres is better on low end (say 2 processor) machines than Oracle.
- Oracle's PL/SQL compiler is often useless for finding errors.
- Oracle's error messages are often useless for finding errors in SQL as well (like which column is wrong).
- Their salespeople are great at FUD.