-
Script to check for username and password are same
Can someone help me writing a script which will check for all the users in the database who are having the same password as username.
Thanks
-
-
Tell you what, why don't you look at dba_users and see if you can crack the "encrypted" password string. When you can do that, you can check to see if username=password.
Last edited by stecal; 02-26-2003 at 03:42 PM.
-
Hi,
You guys are thinking too deep on this matter.I dont want to see the password of any users.I just want a script which will take all the username in a cursor and connects to the database with the same username and password.If connection is established,then the user have the same password as username.Pls. help.
Thanks
-
Personally, I'd write a perl script that retrieved all the usernames from the database. I would then try to connect to each user using the username=password and record the results.
Jeff Hunter
-
Thats what i am looking for but i am not good in writing script.Any help???
-
Sure, I get $150/hour + expenses for custom development...
Jeff Hunter
-
This is a no-brainer script. If you can't figure out how to do something like this, I would suggest doing some homework. Cut and paste the results of the query.
Code:
SQL> select 'conn '||username||'/'||username||'@'||name string
2 from dba_users, v$database;
STRING
---------------------------------------------------------------
conn SYS/SYS@DB00
conn SYSTEM/SYSTEM@DB00
conn OUTLN/OUTLN@DB00
conn NEWUSER/NEWUSER@DB00
conn DBSNMP/DBSNMP@DB00
conn STECAL/STECAL@DB00
conn Scott/Scott@DB00
conn DBAF/DBAF@DB00
conn MIKE/MIKE@DB00
conn MIN1/MIN1@DB00
conn MIN2/MIN2@DB00
conn JONES/JONES@DB00
conn DUMMY/DUMMY@DB00
conn SCOTT/SCOTT@DB00
conn ADAMS/ADAMS@DB00
conn CLARK/CLARK@DB00
conn BLAKE/BLAKE@DB00
17 rows selected.
Code:
SQL> conn SYSTEM/SYSTEM@DB00
ERROR:
ORA-01017: invalid username/password; logon denied
SQL> conn OUTLN/OUTLN@DB00
Connected.
SQL> conn NEWUSER/NEWUSER@DB00
ERROR:
ORA-01017: invalid username/password; logon denied
Warning: You are no longer connected to ORACLE.
SQL> conn DBSNMP/DBSNMP@DB00
Connected.
SQL> conn STECAL/STECAL@DB00
Connected.
SQL>
-
Why do you allow the users to use such password in first place?
Oracle's default routine for password complexity varification checks that. You can implement this by running by running utlpwdmg.sql
It also adds several other features for password policy management. You can even modify the verification routine. Once implemented it will not allow the users to create password which is same as username.
Code:
SQL> create user sanjay_g identified by sanjay_g;
create user sanjay_g identified by sanjay_g
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20001: Password same as user
SQL> alter user sanjay identified by sanjay;
alter user sanjay identified by sanjay
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20001: Password same as user
HTH
Sanjay G.
Oracle Certified Professional 8i, 9i.
"The degree of normality in a database is inversely proportional to that of its DBA"
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|