-
Joe account
Is there any way to check if there is a jow account(username and password same) without altering the user nor connecting.
-
Is there a way to tell what's on your PC without logging on?
-
Hi
well you can
1)create a user joe with a password joe.
2)Then get the hashed password from the dba_users view
3)compare the hashed password value with the password of the users that already exists in the database.If there is match then check the username if it matches then bingo you have the answer..
regards
Hrishy
-
How can the encrypted password be the same?? And also if you try to create the same user, it will immediately come back with an error ORA-01920: user name 'T2' conflicts with another user or role name.
To see if a username exists, just check the dba_users table for the username in question
-
Originally posted by thomasp
How can the encrypted password be the same??
Its not Encrypted, but Hashed Password.. Though you are right it cannot be same.. ( I mean even the Hashed one )..
funky...
"I Dont Want To Follow A Path, I would Rather Go Where There Is No Path And Leave A Trail."
"Ego is the worst thing many have, try to overcome it & you will be the best, if not good, person on this earth"
-
Originally posted by hrishy
Hi
well you can
1)create a user joe with a password joe.
2)Then get the hashed password from the dba_users view
3)compare the hashed password value with the password of the users that already exists in the database.If there is match then check the username if it matches then bingo you have the answer..
regards
Hrishy
Hrishy,
I dont think you can.. Did u verify?
Abhay.
funky...
"I Dont Want To Follow A Path, I would Rather Go Where There Is No Path And Leave A Trail."
"Ego is the worst thing many have, try to overcome it & you will be the best, if not good, person on this earth"
-
If you want to test for a user "JOE" with password "ABCDEF", then create a user "JO" with password "EABCDEF", or "J" with password "OEABCDEF", and compare the hash values.
Or "JOEABCDE" with password "F". You get the idea, anyway.
-
Folks, you are reading too much into this!
His initial question was "Is there a way to check "blah" in the database WITHOUT connecting. Period."
That IMO means "without connecting into the database as ANYONE - be it sys/sytem..whoever."
There's no point trying to mind-read/suggest solutions to an open ended/ambiguous question.
Back to work..ahem..
-
Originally posted by Axr2
There's no point trying to mind-read/suggest solutions to an open ended/ambiguous question.
I seem to spend every day of my working life doing this, translating vague functional wish-lists into database designs.
* sob *
-
You can connect to the database by sys or system but not other users.I found a solution for this.
SQL> create user joe identified by joe;
User created.
SQL> create role "joe" identified by joe;
Role created.
SQL> select name,password from sys.user$ where name in('JOE','joe');
NAME PASSWORD
------------------------------ ------------------------------
joe 8E38D56D83C9573B
JOE 8E38D56D83C9573B
SQL> drop role "joe";
Role dropped.
There is less risk involved here because you create a role similiar to username and checking the password for both the username and role.If it matches the username is having the password same and if not its different and you can delete the role immly.This was is much simplier because you dont want to create the user in a dummy database and check.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|