Database user password - Page 3
DBAsupport.com Forums - Powered by vBulletin
Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 33

Thread: Database user password

  1. #21
    Join Date
    Nov 2002
    Location
    Geneva Switzerland
    Posts
    3,142
    pando, I think mooks should be answering this, but . . . .

    I don't think he wants to know the p/w, he wants to validate it; he said:
    ". . . i want to create a page and allow users to update their password after verification through the database . . "
    in which case comparing hashed values will work.

    If you connect succesfully with say SQLPlus and walk away from the PC what stops me (apart from geography) from typing ALTER USER ?
    "The power of instruction is seldom of much efficacy except in those happy dispositions where it is almost superfluous" - Gibbon, quoted by R.P.Feynman

  2. #22
    Join Date
    Oct 2001
    Location
    GA, USA
    Posts
    79

    User Validation

    I would like to make one suggestion hear as far as application concern to validate user name and password you donít have to grant ALTER USER privilege to user or don't need to know stored hashed value you can just simply write java stored procedure(JDBC), load java class into database and wrapped with PL/SQL function that will take care of user validation.

    Minesh
    Circumstances do not rise to meet our expectation. Embrace what you actually get. Open your eyes. See things for what they really are Thereby sparing yourself the pain of false attachements.

  3. #23
    Join Date
    Nov 2000
    Location
    greenwich.ct.us
    Posts
    9,092
    Personally, I'd have the user input the three values (old pw, new pw, new pw), try to open a new connection with the old pw, issue the alter user... command, and close the connection.
    Jeff Hunter
    marist89@yahoo.com
    http://marist89.blogspot.com/
    Get Firefox!
    "I pledge to stop eating sharks fin soup and will not do so under any circumstances."

  4. #24
    Join Date
    Nov 2002
    Location
    Geneva Switzerland
    Posts
    3,142
    Originally posted by marist89
    Personally, I'd have the user input the three values (old pw, new pw, new pw), try to open a new connection with the old pw, issue the alter user... command, and close the connection.
    Now that's the difference between giving someone what they ask for and giving someone what they need Spot on Jeff.
    "The power of instruction is seldom of much efficacy except in those happy dispositions where it is almost superfluous" - Gibbon, quoted by R.P.Feynman

  5. #25
    Join Date
    Nov 2000
    Location
    greenwich.ct.us
    Posts
    9,092
    You could also try re-booting (If you're on Windoz, anyway... )
    Jeff Hunter
    marist89@yahoo.com
    http://marist89.blogspot.com/
    Get Firefox!
    "I pledge to stop eating sharks fin soup and will not do so under any circumstances."

  6. #26
    Join Date
    Nov 2002
    Location
    Geneva Switzerland
    Posts
    3,142
    . . . or recompiling the kernel . . .
    "The power of instruction is seldom of much efficacy except in those happy dispositions where it is almost superfluous" - Gibbon, quoted by R.P.Feynman

  7. #27
    Join Date
    Dec 2000
    Location
    Ljubljana, Slovenia
    Posts
    4,439
    Originally posted by marist89
    Personally, I'd have the user input the three values (old pw, new pw, new pw), try to open a new connection with the old pw, issue the alter user... command, and close the connection.
    ... unless the security policies enforce the profile setting where each user can have no more than one concurrent connection to the database ....
    Jurij Modic
    ASCII a stupid question, get a stupid ANSI
    24 hours in a day .... 24 beer in a case .... coincidence?

  8. #28
    Join Date
    Jan 2000
    Posts
    387
    Hi guys,

    Thanks for all contributions. Basically I am not going to maintain the database so I want to make things easier for the users by creating a page for the users to change their password.

    It seems like I will not be able to verify the old password from the database from all the contributed postings... many thanks!

  9. #29
    Join Date
    Jan 2000
    Posts
    387
    One more question...

    I have grant the user with alter user privileges, however when i execute the script, i am having an insufficient privileges error, is there anything that i have missed out?

    v_sql := 'alter user ... identified by ...';
    EXECUTE IMMEDIATE v_sql;

  10. #30
    Join Date
    Jan 2002
    Location
    Up s**t creek
    Posts
    1,525
    Are you making the grant directly or through a role?
    Jim
    Oracle Certified Professional
    "Build your reputation by helping other people build theirs."

    "Sarcasm may be the lowest form of wit but its still funny"

    Click HERE to vist my website!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


Click Here to Expand Forum to Full Width