My Oracle Support Banner

Non-encrypted Password In Database (Doc ID 2770420.1)

Last updated on APRIL 29, 2022

Applies to:

Oracle Documaker - Version 12.6.4 and later
Information in this document applies to any platform.

Goal

While digging into the database for some troubleshooting for Documaker Studio, we have encountered the fact that the Documaker user's password isn't encrypted. We were curious about it, because it opens the fact that we could be attack from the inside if someone ever goes rogue.

The unencrypted password can be found in dmkr_asline.DMRES_DMUSER.

First: Is there a way to encrypt it without breaking the app?
Second: Is there any other non-encrypted passwords around that we should be aware of that we didn't see yet?

This is a major security concern for us.
 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.