Pete Finnigan's Oracle Security Forum (http://www.petefinnigan.com/forum/yabb/YaBB.cgi)
Oracle Security >> Oracle Security >> SQLNET.ALLOWED_LOGON_VERSION
(Message started by: Pete Finnigan on May 22nd, 2007, 6:20pm)

Title: SQLNET.ALLOWED_LOGON_VERSION
Post by Pete Finnigan on May 22nd, 2007, 6:20pm
Hello,

Oracle is recommending to set this parameter to match with database level and setting the parameter SQLNET.ALLOWED_LOGON_VERSION in sqlnet.ora to a version lower than the server version will force the Server to use a less secure authentication protocol. Also Setting this value to older versions could expose vulnerabilities that may have existed in the authentication protocols.

What does it mean less secure authentication protocol? What are those vulnerabilities?
Does it mean the Oracle 9I and 8I authentication protocol is less secure than 10g?

Thanks
Raj

Title: Re: SQLNET.ALLOWED_LOGON_VERSION
Post by Pete Finnigan on May 26th, 2007, 1:05am
Hello,

Here are some useful links about oracle authentication protocols:

http://www.securiteam.com/securitynews/5KP0M00KKG.html

http://www.freelists.org/archives/dbsec/11-2006/msg00005.html

http://www.soonerorlater.hu/index.khtml?article_id=511

cheers

Laszlo




Powered by YaBB 1 Gold - SP 1.4!
Forum software copyright © 2000-2004 Yet another Bulletin Board