PDA

Click to See Complete Forum and Search --> : Login authentication against Database user?

vikascv
04-19-2006, 08:08 AM
Hi,

I need to authenticate in my Java application based on Database users. Is there anyway to generate the HASH value of the Oracle password of the user logging in so as to compare it with the Password column of the DBA_USERS table?

Kindly help.
Thanks in advance
Vikas
tamilselvan
04-19-2006, 05:05 PM
Hi,

I need to authenticate in my Java application based on Database users. Is there anyway to generate the HASH value of the Oracle password of the user logging in so as to compare it with the Password column of the DBA_USERS table?

Kindly help.
Thanks in advance
Vikas

Yes, you can use it.


1 select dbms_utility.get_hash_value(password,1000000,9999999)
2 from dba_users
3* where username = 'TAMIL'
20:04:39 SQL> /

DBMS_UTILITY.GET_HASH_VALUE(PASSWORD,1000000,9999999)
-----------------------------------------------------
7531882



Tamil
jmodic
04-19-2006, 06:14 PM
Yes, you can use it.


1 select dbms_utility.get_hash_value(password,1000000,9999999)
2 from dba_users
3* where username = 'TAMIL'
20:04:39 SQL> /

DBMS_UTILITY.GET_HASH_VALUE(PASSWORD,1000000,9999999)
-----------------------------------------------------
7531882



Tamil
Here you are simply rehashing (with a different hash alghorythm) allready hashed password. This is not what the original poster wants - he wants to hash user-supplied plain text password and then compare that hash value with the hash stored in DBA_USERS.PASSWORD.

Vikascv, I don't think there is any Oracle's built in package/procedure/function that implements the hashing alghorytm used for storing database passwords. But the alghorytm that Oracle uses for hashing passwords has allready been published and described on various internet oracle-related forums, so it should not be too hard to create that functionality in the language of your choice. Use google.....
tamilselvan
04-20-2006, 11:26 AM
Here you are simply rehashing (with a different hash alghorythm) allready hashed password. This is not what the original poster wants - he wants to hash user-supplied plain text password and then compare that hash value with the hash stored in DBA_USERS.PASSWORD

Sorry, I misunderstood the question.

Tamil