-
Changing an expired password
When a user's password in Oracle has expired, is the only way for that user to be able to get in and change their password is by using sqlplus??
I ask this because, what I see happen is this:
When a user tries to login after his password has expired (using sqlplus), sqlplus immediately prompts for a new password. So I can see that oracle initiates a request from the user. Sqlplus seems to handle this nicely - prompts the user and waits for a response. But how can I handle this outside of sqlplus. I see that not even sqlplus worksheet handles this type of request from the database.
My users don't have sqlplus and we've setup a simple web form that allows them to change their password. This works only if their password has not expired. The web form simply asks the user to enter their username, connect_string, old password, new password (and retype new password), and when the "submit" button is pressed, all the web form does is pass the following sql:
connect username/password@connect_string
alter user username identified by new_password replace old_password;
Very simple (as you can see).
But this, again, does not work when the password is expired because Oracle immediately requests for a new password.
Has anyone addressed this? How?
-
you have to code for it in your app (like sqlplus does)
or get the dba to do it...
-
So you mean we have to make our little web form a little more smarter to be able to accept requests from oracle.
I am the dba, and I don't know what I can do from the database side to help this. All of this happens right when the user is tryig to connect.
One thing I have found that I can do is this:
Since the web form simply passes a command string, like "sqlplus username/old_password@connect_string"...
We can simply add this at the end: < passwd.txt
In other words:
sqlplus username/old_password@connect_string < passwd.txt
And the contents of passwd.txt is simply this 2 lines:
new_password
new_password
This would essentially take care of responding to the database request to changed the expired password.
I'm wondering if there are any other arguments that sqlplus accepts at the command line that would make this more easier??
-
query against dba_users for the account status and handle expired passwords
as part of the login.
I don't see any bind variables in your original code snippet leaving you open to
sql injection
Last edited by stmontgo; 05-04-2005 at 03:03 PM.
I'm stmontgo and I approve of this message
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|