This is a multi-entry post dealing with three points:
a) the Dizwell site. Most of you, if you don't already know, Howard Rogers decided to shut down his Dizwell site citing time constraints and also frustration with readers who seems to either can't follow directions or who seems to be demanding that they be spoon-fed with knowledge and refusing to learn/experiment on their own. There were several posts by other bloggers which indicated that HJR had a change of mind and decided to bring back Dizwell (and I sincerely hope he does as it is a very source of valuable Oracle information for the Oracle community) but when I last looked, it was still unavailable although instead of getting a "Page not found" error I got the following.
It seems that the error page also displayed the password used (erased in my picture) which I think is a security breach for if the error occurred not because of an invalid password but some other misconfiguration, then in essence, Drupal had just given the keys to whatever is in the MySQL database.
b) Oracle password hashes. David Litchfield has posted an entry to freelist containing C code which demonstrate that it is possible to get Oracle passwords if you know hashed passwords (stored in DBA_USERS) and the associated AUTH_SESSKEY and AUTH_PASSWORD from sniffing the packages on the network. Thanks to Paul Wright for pointing out the entry. I have yet to try out Litchfield's code to verify but that would mean that the hashed passwords stored within the database has to be protected and restricted. The question is how and what the impact would be.
c) There is a recently new blog called OracleBrains whose aim was to provide a source for Oracle information. I applaued the intention but I find it lacking in that it seems to restate stuff that are in the Oracle documentation and I find that a lot of the posts do not explain why but only show how which is as dangerous as certain things/changes should only be attempted after verification and under certain conditions. For example, their post on Oracle roles did not explain why you would get an error after you have switched role within your session and I could not be bothered to leave a comment on their blog as it required logging in with a WordPress account (another account to track). I for one is puzzled by their comment setup as it seems to referred back to the posting instead of showing the comments left by the readers and the folks at OracleBrains will post responses to these comments as another blog entry which is confusing as anything since you are now trying to following multiple postings dealing with the same subject/topic. Now this entry is not meant to criticize OracleBrains but to suggest some improvements as I am for more Oracle resources to be available on the Internet.