-
Validating user name and password
Hi Guys,
I am trying to validate password using pl/sql procedure i am passing user name and password as a IN parameter and i wan to check that this user name and password is correct OR exist ? i know that i can select from DBA_USERS vies but oracle stores password in encrypted format so, whenever it try to check password it does not match with password in DBA_USERS view although i am passing correct user name and password can any one through some light on it ?
Thanks
Circumstances do not rise to meet our expectation. Embrace what you actually get. Open your eyes. See things for what they really are Thereby sparing yourself the pain of false attachements.
-
There are aspects of a password you can check when someone is making or modifying one (length, types of characters, too close to the old one, etc.). Oracle even supplies a rudimentary password checking script in rdbms/admin. However, to do anything with password in dba_users, what is it you think you can validate? MIN1 and MIN2 both have aaaa as passwords, but you wouldn't know that from the encrypted value.
Code:
SQL> create user min1 identified by aaaa;
User created.
SQL> create user min2 identified by aaaa;
User created.
SQL> select username, password
2 from dba_users
3 where username like 'MIN%';
USERNAME PASSWORD
--------- ------------------------------
MIN1 BD2419DC3285F69D
MIN2 7E255E3A0ED9B044
-
Read the password column value (like 'BD2419DC3285F69D') into a variable, then (for example) ...
Alter user min1 identified by aaa;
Now check the new hashed password frm the dba_users table and compare it with the value you read from the table earlier.
If they are the same, the password is correct. If they are different, the passwords were different, and you ought to set the password back to the old value using (for example) ...
Alter user min1 identified by value 'BD2419DC3285F69D'
Of course if you can't get the ALTER ANY USER privilege, you're probably just trying to hack the account, eh?
-
Hi slimdave,
Thanks for your replay but when user enters invalid password then i am again restoring old password value i.e. 'BD2419DC3285F69D'
from variable but next time when i try to loging as min1 user it does not take original password but it replace with 'BD2419DC3285F69D' value is there any resion why it is not restoring old password. is there any oracle utility i can use for this ?
Thanks
Circumstances do not rise to meet our expectation. Embrace what you actually get. Open your eyes. See things for what they really are Thereby sparing yourself the pain of false attachements.
-
Note the syntax difference between ...
ALTER USER MIN1 IDENTIFIED BY AAA;
... and ...
ALTER USER MIN1 IDENTIFIED BY VALUES 'BD2419DC3285F69D';
The latter syntax is the undocumented way that Oracle creates users from an import file while guaranteeing that their passwords do not change from the export database. I suspect you might have missed out the VALUES bit.
-
Hi slimdave,
You are correct i was missing By Values clause and i was also missing single quotes i was simply using old password value from variable that is why oracle was replacing password with old encrypted password value.
Thanks for your valuable input
Minesh
Circumstances do not rise to meet our expectation. Embrace what you actually get. Open your eyes. See things for what they really are Thereby sparing yourself the pain of false attachements.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|