DBAsupport.com Forums - Powered by vBulletin
Results 1 to 9 of 9

Thread: Script to check for username and password are same

  1. #1
    Join Date
    Jun 2000
    Location
    chennai,tamil nadu,india
    Posts
    159

    Script to check for username and password are same

    Can someone help me writing a script which will check for all the users in the database who are having the same password as username.

    Thanks

  2. #2
    Join Date
    Sep 2001
    Location
    NJ, USA
    Posts
    1,287
    see :http://www.dbasupport.com/forums/sho...threadid=34191

    it may be interesting for u.

  3. #3
    Join Date
    May 2002
    Posts
    2,645
    Tell you what, why don't you look at dba_users and see if you can crack the "encrypted" password string. When you can do that, you can check to see if username=password.
    Last edited by stecal; 02-26-2003 at 03:42 PM.

  4. #4
    Join Date
    Jun 2000
    Location
    chennai,tamil nadu,india
    Posts
    159
    Hi,
    You guys are thinking too deep on this matter.I dont want to see the password of any users.I just want a script which will take all the username in a cursor and connects to the database with the same username and password.If connection is established,then the user have the same password as username.Pls. help.

    Thanks

  5. #5
    Join Date
    Nov 2000
    Location
    greenwich.ct.us
    Posts
    9,092
    Personally, I'd write a perl script that retrieved all the usernames from the database. I would then try to connect to each user using the username=password and record the results.
    Jeff Hunter

  6. #6
    Join Date
    Jun 2000
    Location
    chennai,tamil nadu,india
    Posts
    159
    Thats what i am looking for but i am not good in writing script.Any help???

  7. #7
    Join Date
    Nov 2000
    Location
    greenwich.ct.us
    Posts
    9,092
    Sure, I get $150/hour + expenses for custom development...
    Jeff Hunter

  8. #8
    Join Date
    May 2002
    Posts
    2,645
    This is a no-brainer script. If you can't figure out how to do something like this, I would suggest doing some homework. Cut and paste the results of the query.

    Code:
    SQL> select 'conn '||username||'/'||username||'@'||name string
      2  from dba_users, v$database;
    
    STRING
    ---------------------------------------------------------------
    conn SYS/SYS@DB00
    conn SYSTEM/SYSTEM@DB00
    conn OUTLN/OUTLN@DB00
    conn NEWUSER/NEWUSER@DB00
    conn DBSNMP/DBSNMP@DB00
    conn STECAL/STECAL@DB00
    conn Scott/Scott@DB00
    conn DBAF/DBAF@DB00
    conn MIKE/MIKE@DB00
    conn MIN1/MIN1@DB00
    conn MIN2/MIN2@DB00
    conn JONES/JONES@DB00
    conn DUMMY/DUMMY@DB00
    conn SCOTT/SCOTT@DB00
    conn ADAMS/ADAMS@DB00
    conn CLARK/CLARK@DB00
    conn BLAKE/BLAKE@DB00
    
    17 rows selected.
    Code:
    SQL> conn SYSTEM/SYSTEM@DB00
    ERROR:
    ORA-01017: invalid username/password; logon denied
    
    
    SQL> conn OUTLN/OUTLN@DB00
    Connected.
    SQL> conn NEWUSER/NEWUSER@DB00
    ERROR:
    ORA-01017: invalid username/password; logon denied
    
    
    Warning: You are no longer connected to ORACLE.
    SQL> conn DBSNMP/DBSNMP@DB00
    Connected.
    SQL> conn STECAL/STECAL@DB00
    Connected.
    SQL>

  9. #9
    Join Date
    Feb 2000
    Location
    Singapore
    Posts
    1,758
    Why do you allow the users to use such password in first place?

    Oracle's default routine for password complexity varification checks that. You can implement this by running by running utlpwdmg.sql
    It also adds several other features for password policy management. You can even modify the verification routine. Once implemented it will not allow the users to create password which is same as username.
    Code:
    SQL> create user sanjay_g identified by sanjay_g;
    create user sanjay_g identified by sanjay_g
    *
    ERROR at line 1:
    ORA-28003: password verification for the specified password failed
    ORA-20001: Password same as user
    
    
    SQL> alter user sanjay identified by sanjay;
    alter user sanjay identified by sanjay
    *
    ERROR at line 1:
    ORA-28003: password verification for the specified password failed
    ORA-20001: Password same as user
    HTH
    Sanjay G.
    Oracle Certified Professional 8i, 9i.

    "The degree of normality in a database is inversely proportional to that of its DBA"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


Click Here to Expand Forum to Full Width