[Zope] Secure database access

Dario Lopez-Kästen dario@ita.chalmers.se
Thu, 2 May 2002 08:14:32 +0200


From: "Toby Dickenson" <tdickenson@geminidataloggers.com>

> Yes, that is the key difference that makes your proposed topology secur=
e.
>
> > However, I would be surprised
> >if the Oracle client software would transmit plaintext
> >passwords. Surely not in this day and age!
>
> I didnt mean the password that zope provides to oracle, but rather the
> passwords that your users provide to zope (via apache). Yes, they are
> plaintext.
>

and actualy, unless you use Oracle's Advanced Networking Option, SQL*Net
will not encrypt anything...

/dario

- --------------------------------------------------------------------
Dario Lopez-Kästen, dario@ita.chalmers.se        IT Systems & Services
System Developer/System Administrator     Chalmers University of Tech.