Joe account
DBAsupport.com Forums - Powered by vBulletin
Results 1 to 10 of 10

Thread: Joe account

  1. #1
    Join Date
    Jun 2000
    Location
    chennai,tamil nadu,india
    Posts
    159

    Joe account

    Is there any way to check if there is a jow account(username and password same) without altering the user nor connecting.

  2. #2
    Join Date
    Oct 2002
    Posts
    807
    Is there a way to tell what's on your PC without logging on?

  3. #3
    Join Date
    Jan 2001
    Posts
    2,828
    Hi

    well you can

    1)create a user joe with a password joe.

    2)Then get the hashed password from the dba_users view

    3)compare the hashed password value with the password of the users that already exists in the database.If there is match then check the username if it matches then bingo you have the answer..

    regards
    Hrishy

  4. #4
    Join Date
    Feb 2003
    Location
    London
    Posts
    170
    How can the encrypted password be the same?? And also if you try to create the same user, it will immediately come back with an error ORA-01920: user name 'T2' conflicts with another user or role name.


    To see if a username exists, just check the dba_users table for the username in question

  5. #5
    Join Date
    Dec 2002
    Location
    Bangalore ( India )
    Posts
    2,434
    Originally posted by thomasp
    How can the encrypted password be the same??
    Its not Encrypted, but Hashed Password.. Though you are right it cannot be same.. ( I mean even the Hashed one )..
    funky...

    "I Dont Want To Follow A Path, I would Rather Go Where There Is No Path And Leave A Trail."

    "Ego is the worst thing many have, try to overcome it & you will be the best, if not good, person on this earth"

  6. #6
    Join Date
    Dec 2002
    Location
    Bangalore ( India )
    Posts
    2,434
    Originally posted by hrishy
    Hi

    well you can

    1)create a user joe with a password joe.

    2)Then get the hashed password from the dba_users view

    3)compare the hashed password value with the password of the users that already exists in the database.If there is match then check the username if it matches then bingo you have the answer..

    regards
    Hrishy
    Hrishy,

    I dont think you can.. Did u verify?

    Abhay.
    funky...

    "I Dont Want To Follow A Path, I would Rather Go Where There Is No Path And Leave A Trail."

    "Ego is the worst thing many have, try to overcome it & you will be the best, if not good, person on this earth"

  7. #7
    Join Date
    Aug 2002
    Location
    Colorado Springs
    Posts
    5,253
    If you want to test for a user "JOE" with password "ABCDEF", then create a user "JO" with password "EABCDEF", or "J" with password "OEABCDEF", and compare the hash values.

    Or "JOEABCDE" with password "F". You get the idea, anyway.
    David Aldridge,
    "The Oracle Sponge"

    Senior Manager, Business Intelligence Development
    XM Satellite Radio
    Washington, DC

    Oracle ACE

  8. #8
    Join Date
    Oct 2002
    Posts
    807
    Folks, you are reading too much into this!
    His initial question was "Is there a way to check "blah" in the database WITHOUT connecting. Period."

    That IMO means "without connecting into the database as ANYONE - be it sys/sytem..whoever."

    There's no point trying to mind-read/suggest solutions to an open ended/ambiguous question.

    Back to work..ahem..

  9. #9
    Join Date
    Aug 2002
    Location
    Colorado Springs
    Posts
    5,253
    Originally posted by Axr2
    There's no point trying to mind-read/suggest solutions to an open ended/ambiguous question.
    I seem to spend every day of my working life doing this, translating vague functional wish-lists into database designs.

    * sob *
    David Aldridge,
    "The Oracle Sponge"

    Senior Manager, Business Intelligence Development
    XM Satellite Radio
    Washington, DC

    Oracle ACE

  10. #10
    Join Date
    Jun 2000
    Location
    chennai,tamil nadu,india
    Posts
    159
    You can connect to the database by sys or system but not other users.I found a solution for this.
    SQL> create user joe identified by joe;
    User created.

    SQL> create role "joe" identified by joe;
    Role created.

    SQL> select name,password from sys.user$ where name in('JOE','joe');

    NAME PASSWORD
    ------------------------------ ------------------------------
    joe 8E38D56D83C9573B
    JOE 8E38D56D83C9573B

    SQL> drop role "joe";
    Role dropped.

    There is less risk involved here because you create a role similiar to username and checking the password for both the username and role.If it matches the username is having the password same and if not its different and you can delete the role immly.This was is much simplier because you dont want to create the user in a dummy database and check.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


Click Here to Expand Forum to Full Width