Joe account

**msuresh** · 05-12-2004 03:10 PM

Is there any way to check if there is a jow account(username and password same) without altering the user nor connecting.

**Axr2** · 05-12-2004 07:11 PM

Is there a way to tell what's on your PC without logging on?

**hrishy** · 05-13-2004 01:47 AM

Hi

well you can

1)create a user joe with a password joe.

2)Then get the hashed password from the dba_users view

3)compare the hashed password value with the password of the users that already exists in the database.If there is match then check the username if it matches then bingo you have the answer..

regards
Hrishy

**thomasp** · 05-13-2004 04:37 AM

How can the encrypted password be the same?? And also if you try to create the same user, it will immediately come back with an error ORA-01920: user name 'T2' conflicts with another user or role name.

To see if a username exists, just check the dba_users table for the username in question

**abhaysk** · 05-13-2004 05:39 AM

Originally posted by thomasp
How can the encrypted password be the same??

Its not Encrypted, but Hashed Password.. Though you are right it cannot be same.. ( I mean even the Hashed one )..

**abhaysk** · 05-13-2004 05:41 AM

Originally posted by hrishy
Hi

well you can

1)create a user joe with a password joe.

2)Then get the hashed password from the dba_users view

3)compare the hashed password value with the password of the users that already exists in the database.If there is match then check the username if it matches then bingo you have the answer..

regards
Hrishy

Hrishy,

I dont think you can.. Did u verify?

Abhay.

**slimdave** · 05-13-2004 09:31 AM

If you want to test for a user "JOE" with password "ABCDEF", then create a user "JO" with password "EABCDEF", or "J" with password "OEABCDEF", and compare the hash values.

Or "JOEABCDE" with password "F". You get the idea, anyway.

**Axr2** · 05-13-2004 01:33 PM

Folks, you are reading too much into this!
His initial question was "Is there a way to check "blah" in the database WITHOUT connecting. Period."

That IMO means "without connecting into the database as ANYONE - be it sys/sytem..whoever."

There's no point trying to mind-read/suggest solutions to an open ended/ambiguous question.

Back to work..ahem..

**slimdave** · 05-13-2004 02:40 PM

Originally posted by Axr2
There's no point trying to mind-read/suggest solutions to an open ended/ambiguous question.

I seem to spend every day of my working life doing this, translating vague functional wish-lists into database designs.

* sob *

**msuresh** · 05-13-2004 05:42 PM

You can connect to the database by sys or system but not other users.I found a solution for this.
SQL> create user joe identified by joe;
User created.

SQL> create role "joe" identified by joe;
Role created.

SQL> select name,password from sys.user$ where name in('JOE','joe');

NAME PASSWORD
------------------------------ ------------------------------
joe 8E38D56D83C9573B
JOE 8E38D56D83C9573B

SQL> drop role "joe";
Role dropped.

There is less risk involved here because you create a role similiar to username and checking the password for both the username and role.If it matches the username is having the password same and if not its different and you can delete the role immly.This was is much simplier because you dont want to create the user in a dummy database and check.

Thread: Joe account

Thread Tools

Display

Joe account

Bookmarks

Bookmarks

Posting Permissions