9i文档上说：

当使用密码连接DB Server时，Oracle会把密码加密发送过去。如果失败，Oracle会检查DBLINK_ENCRYPT_LOGIN或ORA_ENCRYPT_LOGIN的值。如果为FALSE，Oracle会试图使用明文密码再试一次。如果为TRUE,则不会重试。

这两个值默认都是false，很多人不会刻意设为true.明文密码不是很容易被截获？不明白oracle怎么会这样做，这不留个大漏子吗

Update:

这样做是为了兼容，oracle从7.1开始才加密密码。

metalink上的解释：

What about parameters ora_encrypt_login and dblink_encrypt_login ?

Password during a logon is ALWAYS encrypted. We do this since Oracle 7.1. In

those days, we had the following question: what happens if a 7.1 client connects

to a 7.0 server (which did no credential encryption)? The default behaviour was

that the login credentials were sent encrypted which could not be handled by the

7.0 server; so a second unencrypted transfer was done. The two parameters

specify if this second unencrypted transfer should happen (ora_encrypt_login

for login by a client, dblink_encrypt_login for login by using a database link).

If the second transfer was disabled, no connection was established and an error

given. So the parameters today would make sense only if a newer client connects

to a 7.0 database. A 9.2 client cannot connect to a 7.3 and lower database, so

the parameters are not needed. The second unencrypted transfer does not happen.

但还是不知道9i的client连9i的db,在参数都是默认false的情况下，会不会发生第二次的明文密码login，也没法测试。如果有明文的密码login,虽然截获的是错误的密码，但是还是有危险性的

Book:9i administrator guide

Password Security

If user authentication is managed by the database, security administrators should develop a password security policy to maintain database access security. For example, database users should be required to change their passwords at regular intervals, and of course, when their passwords are revealed to others. By forcing a user to modify passwords in such situations, unauthorized database access can be reduced.

To better protect the confidentiality of your password, Oracle can be configured to use encrypted passwords for client/server and server/server connections.

--------------------------------------------------------------------------------

Note:

It is strongly recommended that you configure Oracle to encrypt passwords in client/server and server/server connections. Otherwise, a malicious user "snooping" on the network can grab an unencrypted password, and use it to connect to the database as another user, thereby "impersonating" that user.

--------------------------------------------------------------------------------

By setting the following values, you can require that the password used to verify a connection always be encrypted:

Set the ORA_ENCRYPT_LOGIN environment variable to TRUE on the client machine.

Set the DBLINK_ENCRYPT_LOGIN server initialization parameter to TRUE.

If enabled at both the client and server, passwords will not be sent across the network "in the clear", but will be encrypted using a modified DES (Data Encryption Standard) algorithm.

The DBLINK_ENCRYPT_LOGIN initialization parameter is used for connections between two Oracle servers (for example, when performing distributed queries). If you are connecting from a client, Oracle checks the ORA_ENCRYPT_LOGIN environment variable.

Whenever you attempt to connect to a server using a password, Oracle encrypts the password before sending it to the server. If the connection fails and auditing is enabled, the failure is noted in the audit log. Oracle then checks the appropriate DBLINK_ENCRYPT_LOGIN or ORA_ENCRYPT_LOGIN value. If it set to FALSE, Oracle attempts the connection again using an unencrypted version of the password. If the connection is successful, the connection replaces the previous failure in the audit log, and the connection proceeds. To prevent malicious users from forcing Oracle to re-attempt a connection with an unencrypted version of the password, you must set the appropriate values to TRUE.