-
pando, I think mooks should be answering this, but . . . .
I don't think he wants to know the p/w, he wants to validate it; he said:
". . . i want to create a page and allow users to update their password after verification through the database . . "
in which case comparing hashed values will work.
If you connect successfully with say SQLPlus and walk away from the PC what stops me (apart from geography) from typing ALTER USER ?
"The power of instruction is seldom of much efficacy except in those happy dispositions where it is almost superfluous" - Gibbon, quoted by R.P.Feynman
-
User Validation
I would like to make one suggestion here. As far as the application is concerned, to validate the user name and password you don't have to grant the ALTER USER privilege to the user, and you don't need to know the stored hashed value. You can simply write a Java stored procedure (JDBC), load the Java class into the database, and wrap it with a PL/SQL function that will take care of user validation.
Minesh
Circumstances do not rise to meet our expectation. Embrace what you actually get. Open your eyes. See things for what they really are. Thereby sparing yourself the pain of false attachments.
-
Personally, I'd have the user input the three values (old pw, new pw, new pw), try to open a new connection with the old pw, issue the alter user... command, and close the connection.
Jeff Hunter
-
Originally posted by marist89
Personally, I'd have the user input the three values (old pw, new pw, new pw), try to open a new connection with the old pw, issue the alter user... command, and close the connection.
Now that's the difference between giving someone what they ask for and giving someone what they need. Spot on, Jeff.
"The power of instruction is seldom of much efficacy except in those happy dispositions where it is almost superfluous" - Gibbon, quoted by R.P.Feynman
-
You could also try re-booting (If you're on Windoz, anyway... )
Jeff Hunter
-
. . . or recompiling the kernel . . .
"The power of instruction is seldom of much efficacy except in those happy dispositions where it is almost superfluous" - Gibbon, quoted by R.P.Feynman
-
Originally posted by marist89
Personally, I'd have the user input the three values (old pw, new pw, new pw), try to open a new connection with the old pw, issue the alter user... command, and close the connection.
... unless the security policies enforce the profile setting where each user can have no more than one concurrent connection to the database ....
Jurij Modic
ASCII a stupid question, get a stupid ANSI
24 hours in a day .... 24 beer in a case .... coincidence?
-
Hi guys,
Thanks for all contributions. Basically I am not going to maintain the database so I want to make things easier for the users by creating a page for the users to change their password.
It seems like I will not be able to verify the old password from the database from all the contributed postings... many thanks!
-
One more question...
I have granted the user the alter user privilege; however, when I execute the script, I get an insufficient privileges error. Is there anything that I have missed?
v_sql := 'alter user ... identified by ...';
EXECUTE IMMEDIATE v_sql;
-
Are you making the grant directly or through a role?
Jim
Oracle Certified Professional
"Build your reputation by helping other people build theirs."
"Sarcasm may be the lowest form of wit but it's still funny"
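The flow suggested earlier in the thread (open a session as the user with the old password, then issue ALTER USER), written out as an added PL/SQL example that is not code from any poster. The names change_own_password, p_old, p_new and p_confirm are hypothetical, and it assumes the web page logs on as the end user rather than through a shared account.

```sql
-- Added example. Assumption: the page opened this session AS THE END USER with
-- the old password, so a wrong old password has already failed at logon.
CREATE OR REPLACE PROCEDURE change_own_password (   -- hypothetical name
    p_old     IN VARCHAR2,
    p_new     IN VARCHAR2,
    p_confirm IN VARCHAR2
) AUTHID CURRENT_USER   -- invoker's rights: runs with the caller's own privileges
IS
    -- The account is taken from the session, never from page input, so the
    -- statement can only ever target the caller's own user.
    v_user VARCHAR2(128) := SYS_CONTEXT('USERENV', 'SESSION_USER');
    v_sql  VARCHAR2(1000);
BEGIN
    IF p_old IS NULL OR p_new IS NULL OR p_confirm IS NULL
       OR p_new <> p_confirm THEN
        RAISE_APPLICATION_ERROR(-20001, 'Missing value or new passwords differ');
    END IF;
    -- DDL cannot take bind variables, so the passwords are spliced into the
    -- text. Reject the one character that could close the quoted value.
    IF INSTR(p_old, '"') > 0 OR INSTR(p_new, '"') > 0 THEN
        RAISE_APPLICATION_ERROR(-20002, 'Password must not contain a double quote');
    END IF;
    v_sql := 'ALTER USER ' || DBMS_ASSERT.ENQUOTE_NAME(v_user, FALSE)
          || ' IDENTIFIED BY "' || p_new || '"'
          || ' REPLACE "' || p_old || '"';   -- old password sent with the change
    EXECUTE IMMEDIATE v_sql;
END change_own_password;
/

-- Check for the "directly or through a role" question: a definer's-rights
-- procedure runs with roles disabled, so only a direct grant counts there.
SELECT privilege FROM user_sys_privs WHERE privilege = 'ALTER USER';  -- direct
SELECT role      FROM role_sys_privs WHERE privilege = 'ALTER USER';  -- via role
```

A user changing their own password this way does not need the ALTER USER system privilege, which avoids granting end users the ability to alter other accounts.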