The logic of null values in Oracle is peculiar. For starters, an empty string is treated as a null value, a behaviour that is totally against the SQL standard and common sense. And comparison operators also behave in unexpected ways when they encounter nulls. A null value is never equal to anything else (makes sense). A null value is also never equal to another null value (stranger, but I can live with that). But apparently a null value is also never not equal (!=) to anything else (which I find very counter-intuitive):

SQL> select * from dual where null = 77;
no rows selected

SQL> select * from dual where null = null;
no rows selected

SQL> select * from dual where null != null;
no rows selected

SQL> select * from dual where null != 77;
no rows selected

This all adds up to a gaping security hole in my login password checking code:

if ( password != v_password) then
    events.count_it(-1); -- wrong password
    return -1;
end if;

Before I changed it to

if ( password is null or password != v_password) then
    events.count_it(-1); -- wrong password
    return -1;
end if;

people have been able to log in just by entering an empty password, which gets interpreted as NULL, which is never regarded as different from the real password.

I am very grateful that someone spotted this before we launched the site.