A clause that specifies a string literal that is the name of the operating system platform password assigned to user_name.
The password is used to authenticate the user when the secure server process is created. Best practices suggest that any session that uses this statement should be set up to use the encrypted transport protocol (see Security Administration, B035-1100 for details).
While it is never desirable for a password to be typed in the clear, it only becomes an issue when you enter your password using an interface such as BTEQ. The issue becomes moot if you are prompted to enter your password by an application that requests the information in a secure manner such as a GUI or World Wide Web interface that displays ASTERISK characters to represent the password as it is typed. This is the recommended practice for all security conscious sites.