-
Database user password
Hi
Is there any ways or tables that I can see the password for the users in the database? Currently the password is being encrypted in the dba_users table...Please advice. Thanks!
-
That's it! Passwords are stored hashed (one-way encryption) and can't be viewed en clair.
"The power of instruction is seldom of much efficacy except in those happy dispositions where it is almost superfluous" - Gibbon, quoted by R.P.Feynman
-
*Ooops! Then if i want to create a page and allow users to update their password after verification through the database, there is no way this can be done??
-
If the hashing algorithm is public (I don't know - anyone out there who does? a v.quick Google didn't find what I wanted) you can hash the value given by the user and compare it with the stored value. Otherwise you will have to create your own authentification system!
"The power of instruction is seldom of much efficacy except in those happy dispositions where it is almost superfluous" - Gibbon, quoted by R.P.Feynman
-
Originally posted by mooks
*Ooops! Then if i want to create a page and allow users to update their password after verification through the database, there is no way this can be done??
I don't understand this.
If user is allready connected to the database when changing the password, then what's the point in checking old password? He wouldn't be connected if he didn't know the old pasword. Simply let him only enter new password (twice).
If on the other hand user is not connected to the database, yet you wan't to allow him to change his database password, why don't you simply try to connect to the database with the old pasword he supplied during old password verification process? If connection succeeds you procerde with changing the password, if not the entered old password was not correct.
Or what am I missing here?
Jurij Modic
ASCII a stupid question, get a stupid ANSI
24 hours in a day .... 24 beer in a case .... coincidence?
-
Hi Jurij,
The classic scenario is: the user logs on, goes off for coffee and someone else runs in & changes p/w. The other person can then access the application from elsewhere, until the original user has to log on again (say next morning) when the p/w mess gets sorted. Re-validating the p/w avoids this.
"The power of instruction is seldom of much efficacy except in those happy dispositions where it is almost superfluous" - Gibbon, quoted by R.P.Feynman
-
Originally posted by DaPi
Hi Jurij,
The classic scenario is: the user logs on, goes off for coffee and someone else runs in & changes p/w. The other person can then access the application from elsewhere, until the original user has to log on again (say next morning) when the p/w mess gets sorted. Re-validating the p/w avoids this.
Yep, makes sence.
Jurij Modic
ASCII a stupid question, get a stupid ANSI
24 hours in a day .... 24 beer in a case .... coincidence?
-
-
well if you dont know the old password you cannot change the password right DaPi?
that tool is brute force, it´s like those password crackers for MS Office
-
Originally posted by pando
well if you dont know the old password you cannot change the password right DaPi?
That is exactly what mooks is trying to enforce by ensuring that the same person enters both old and new values at the same time.
"The power of instruction is seldom of much efficacy except in those happy dispositions where it is almost superfluous" - Gibbon, quoted by R.P.Feynman
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|