Home » Developer & Programmer » Forms » Changing password from forms (8i)
Changing password from forms [message #357746] Thu, 06 November 2008 07:54 Go to next message
Derek N
Messages: 80
Registered: September 2002
Member
I created a password maintenence form and am using forms_ddl to change a users password. My statement is :

forms_ddl('ALTER USER '||uname||' IDENTIFIED BY '||''''''||:b2_1.password||''''''||' PASSWORD EXPIRE');

After allocating a new password through this maintenence form, the user cannot logon to their menu this password.

However if I issue the same command through PL/SQL Developer:

ALTER USER UDSE36 IDENTIFIED BY "~!test123*" PASSWORD EXPIRE;

The user was able to log on and change their password.


I have messaged the forms_ddl statement and all the spacings etc. are correct.
Re: Changing password from forms [message #357749 is a reply to message #357746] Thu, 06 November 2008 08:08 Go to previous messageGo to next message
Michel Cadot
Messages: 64151
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
If you posted in a formatted way like:
forms_ddl('ALTER USER '||uname||' IDENTIFIED BY '||''''''||:b2_1.password||''''''||' PASSWORD EXPIRE');

You immediatly saw that you didn't use double-quotes but you doubled single quotes.

In addition, you should google for SQL Injecttion. There I can hack your database.

Regards
Michel

[Updated on: Thu, 06 November 2008 08:09]

Report message to a moderator

Re: Changing password from forms [message #357758 is a reply to message #357746] Thu, 06 November 2008 08:22 Go to previous message
Derek N
Messages: 80
Registered: September 2002
Member
Changed quotes and works.

Would google.

Thanks a stack
Previous Topic: Post_insert Trigger
Next Topic: I Need Oracle Forms 9i pdf Instructer lead class room study material
Goto Forum:
  


Current Time: Fri Dec 09 23:27:53 CST 2016

Total time taken to generate the page: 0.25373 seconds