Is there any way to check if there is a jow account(username and password same) without altering the user nor connecting.
Printable View
Is there any way to check if there is a jow account(username and password same) without altering the user nor connecting.
Is there a way to tell what's on your PC without logging on?
Hi
well you can
1)create a user joe with a password joe.
2)Then get the hashed password from the dba_users view
3)compare the hashed password value with the password of the users that already exists in the database.If there is match then check the username if it matches then bingo you have the answer..
regards
Hrishy
How can the encrypted password be the same?? And also if you try to create the same user, it will immediately come back with an error ORA-01920: user name 'T2' conflicts with another user or role name.
To see if a username exists, just check the dba_users table for the username in question
Its not Encrypted, but Hashed Password.. Though you are right it cannot be same.. ( I mean even the Hashed one )..Quote:
Originally posted by thomasp
How can the encrypted password be the same??
Hrishy,Quote:
Originally posted by hrishy
Hi
well you can
1)create a user joe with a password joe.
2)Then get the hashed password from the dba_users view
3)compare the hashed password value with the password of the users that already exists in the database.If there is match then check the username if it matches then bingo you have the answer..
regards
Hrishy
I dont think you can.. Did u verify?
Abhay.
If you want to test for a user "JOE" with password "ABCDEF", then create a user "JO" with password "EABCDEF", or "J" with password "OEABCDEF", and compare the hash values.
Or "JOEABCDE" with password "F". You get the idea, anyway.
Folks, you are reading too much into this!
His initial question was "Is there a way to check "blah" in the database WITHOUT connecting. Period."
That IMO means "without connecting into the database as ANYONE - be it sys/sytem..whoever."
There's no point trying to mind-read/suggest solutions to an open ended/ambiguous question.
Back to work..ahem..
I seem to spend every day of my working life doing this, translating vague functional wish-lists into database designs.Quote:
Originally posted by Axr2
There's no point trying to mind-read/suggest solutions to an open ended/ambiguous question.
* sob *
You can connect to the database by sys or system but not other users.I found a solution for this.
SQL> create user joe identified by joe;
User created.
SQL> create role "joe" identified by joe;
Role created.
SQL> select name,password from sys.user$ where name in('JOE','joe');
NAME PASSWORD
------------------------------ ------------------------------
joe 8E38D56D83C9573B
JOE 8E38D56D83C9573B
SQL> drop role "joe";
Role dropped.
There is less risk involved here because you create a role similiar to username and checking the password for both the username and role.If it matches the username is having the password same and if not its different and you can delete the role immly.This was is much simplier because you dont want to create the user in a dummy database and check.