Hi
Is there any way or table that lets me see the password for the users in the database? Currently the password is being encrypted in the dba_users table... Please advise. Thanks!
That's it! Passwords are stored hashed (one-way encryption) and can't be viewed en clair.
*Ooops! Then if I want to create a page and allow users to update their password after verification through the database, there is no way this can be done??
If the hashing algorithm is public (I don't know - anyone out there who does? a v.quick Google didn't find what I wanted) you can hash the value given by the user and compare it with the stored value. Otherwise you will have to create your own authentication system!
I don't understand this.
Quote:
Originally posted by mooks
*Ooops! Then if I want to create a page and allow users to update their password after verification through the database, there is no way this can be done??
If user is already connected to the database when changing the password, then what's the point in checking old password? He wouldn't be connected if he didn't know the old password. Simply let him only enter new password (twice).
If on the other hand user is not connected to the database, yet you want to allow him to change his database password, why don't you simply try to connect to the database with the old password he supplied during old password verification process? If connection succeeds you proceed with changing the password, if not the entered old password was not correct.
Or what am I missing here?
Hi Jurij,
The classic scenario is: the user logs on, goes off for coffee and someone else runs in & changes p/w. The other person can then access the application from elsewhere, until the original user has to log on again (say next morning) when the p/w mess gets sorted. Re-validating the p/w avoids this.
Yep, makes sense.
Quote:
Originally posted by DaPi
Hi Jurij,
The classic scenario is: the user logs on, goes off for coffee and someone else runs in & changes p/w. The other person can then access the application from elsewhere, until the original user has to log on again (say next morning) when the p/w mess gets sorted. Re-validating the p/w avoids this.
Yes... you can see the passwords.
Use this free tool:
http://home.earthlink.net/~adamshalo...sword_cracker/
Well, if you don't know the old password you cannot change the password, right DaPi?
That tool is brute force, it's like those password crackers for MS Office.
That is exactly what mooks is trying to enforce by ensuring that the same person enters both old and new values at the same time.
Quote:
Originally posted by pando
Well, if you don't know the old password you cannot change the password, right DaPi?
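
The password-change flow discussed in this thread, as an added example that is not part of any poster's reply: only a one-way hash is stored, so the old password is verified by attempting a login rather than by reading it back, and it is re-verified even when a session is already open. `FakeDb`, `change_password`, the sample account and the PBKDF2 parameters are assumptions for illustration, not Oracle's own hashing scheme.

```python
import hashlib
import hmac
import os

class LoginFailed(Exception):
    """Raised when the supplied credentials are rejected."""

def digest(password, salt):
    # One-way: the stored value cannot be turned back into the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class FakeDb:
    """Constructed stand-in for the database; keeps only salt + hash per user."""
    def __init__(self):
        self.rows = {}

    def set_password(self, user, password):
        salt = os.urandom(16)
        self.rows[user] = (salt, digest(password, salt))

    def connect(self, user, password):
        # Hash the supplied value and compare it with the stored hash.
        salt, stored = self.rows.get(user, (b"\0" * 16, b""))
        if not hmac.compare_digest(digest(password, salt), stored):
            raise LoginFailed(user)
        return user  # a real driver would return a session object

def change_password(db, user, old_pw, new_pw, new_pw_again):
    """Return (ok, reason); the old password is checked only by logging in."""
    if new_pw != new_pw_again:
        return False, "new passwords differ"
    if not new_pw or new_pw == old_pw:
        return False, "new password must be non-empty and different"
    try:
        db.connect(user, old_pw)  # re-validate even if a session is open
    except LoginFailed:
        return False, "old password rejected"
    db.set_password(user, new_pw)
    return True, "changed"

def demo():
    db = FakeDb()
    db.set_password("app_user", "old-Secret1")  # constructed sample account
    return [
        change_password(db, "app_user", "guess", "n3w-Secret", "n3w-Secret"),
        change_password(db, "app_user", "old-Secret1", "n3w-Secret", "n3w-Secret"),
        change_password(db, "app_user", "old-Secret1", "x", "x"),
    ]
```

The third call in `demo()` fails because the old password stopped working after the successful change, which is the situation DaPi's coffee-break scenario relies on re-validation to prevent.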