Although the passwords in Oracle are encrypted, there is always possibilities that a user will choose a simple password like the same as his/her userid.
Before I enable password policy, I want to check the existing user account that if any uses simple password like for example their database userid.
Does Oracle enforce password check on existing database accounts?
Julian,
Thanks for the link, its an interesting product, but I don't think the company is willing to afford it at the moment.
I have got a piece of code from Metalink which can do what I wanted.
But the problem is the script works for 8i & 9i.
I am not good at PL/SQL. Do not know how to tweak this piece of code to work for Oracle 8 and below.
If anyone of you have time, please help me look at this code and hopefully make it work for Oracle8 and below.
It seems like in Oracle 8, "execute immediate.." is not allowed.
Here is the code:
create or replace procedure sys.find_joes as
-- Find users that have their password equal to their username
hexpw varchar2(30);
modpw varchar2(30);
un varchar2(30);
cursor c1 is select username,password from dba_users
where length(trim(password)) = 16; -- only consider db authenticated
begin
for i in c1 loop
hexpw := i.password;
un := i.username;
execute immediate 'alter user '||un||' identified by '||un;
select password into modpw from dba_users where username = un;
if modpw = hexpw then
dbms_output.put_line(un);
else
-- change password back to what it was
execute immediate
'alter user '||un||' identified by values '''||hexpw||'''';
end if;
end loop;
end;
/
Reply With Quote
Bookmarks