My Oracle Support Banner

Passwords to be stored in irreversible salted hash formats. (Doc ID 2686021.1)

Last updated on FEBRUARY 27, 2022

Applies to:

Oracle Financial Services Analytical Applications Infrastructure - Version 8.0.6.2.0 and later
Information in this document applies to any platform.

Goal

Issue #1: Navigate to System Configuration=>Configure OLAP Details', the OLAP credentials are seen to be reflected back within the browser with a masked password. However, the intercepted raw response reveals the plaintext password.

Issue #2: Navigate to 'Database Details=>(View)=>Connection Details=>Alias Name=>View’ presents a masked 'Auth String' that gets revealed within the raw response when intercepted.

Reflecting passwords either in plain text within the browser’s response or within the raw response ,demonstrates poor security practices with both password obfuscation and password storage. And hence passwords are required in irreversible salted hash formats.
 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.