Home » RDBMS Server » Security » username and password in oracle
username and password in oracle [message #41584] Tue, 14 January 2003 16:42 Go to next message
pras
Messages: 57
Registered: June 2002
Member
Hi
I am developing a front end using VB with Oracle enterprise edition as back end. I have a form on which
the user can enter the username and password.For this I am acessing the dba_users table from the database.Basically I am comparing the username from this table with the entered username on the form.I would like to know is there any table in which passwords are stored.(In dba_users table there is no column for password.)

I appreciate your help!
prasanna
Re: username and password in oracle [message #41585 is a reply to message #41584] Tue, 14 January 2003 18:18 Go to previous messageGo to next message
Todd Barry
Messages: 4819
Registered: August 2001
Senior Member
The password is not stored anywhere in Oracle - encrypted or not. It is hashed.

I would suggest that you just verify the user/password by attempting to connect with those values instead of trying to check them (which you cannot do anyway) with another "super user" account.
Re: username and password in oracle [message #41588 is a reply to message #41584] Wed, 15 January 2003 09:03 Go to previous messageGo to next message
Mahesh Rajendran
Messages: 10707
Registered: March 2002
Location: oracleDocoVille
Senior Member
Account Moderator
SQL> desc dba_users
 Name                                                  Null?    Type
 ----------------------------------------------------- -------- -------------------------------
 USERNAME                                              NOT NULL VARCHAR2(30)
 USER_ID                                               NOT NULL NUMBER
 [b]PASSWORD                                                       VARCHAR2(30)[/b]
 ACCOUNT_STATUS                                        NOT NULL VARCHAR2(32)
 LOCK_DATE                                                      DATE
 EXPIRY_DATE                                                    DATE
 DEFAULT_TABLESPACE                                    NOT NULL VARCHAR2(30)
 TEMPORARY_TABLESPACE                                  NOT NULL VARCHAR2(30)
 CREATED                                               NOT NULL DATE
 PROFILE                                               NOT NULL VARCHAR2(30)
 INITIAL_RSRC_CONSUMER_GROUP                                    VARCHAR2(30)
 EXTERNAL_NAME                                                  VARCHAR2(4000)

----------------------------------------------------------------------

as Todd has said,
passwrds are not just stored. it is hashed and
to access dba_users you need privs.
I dont get ur requirement.
if u want to check the existence of user, just check the username.!
u cannot compare passwords.
But if you are looking into
"Logging (connecting not querying from dba account) as 
another user USER_A and accessing his objects (from a 
dba account) without knowing password of USER_A" it is 
possible (something like "su" in unix).

Re: unrelated qn to MAHESH [message #41589 is a reply to message #41584] Wed, 15 January 2003 10:33 Go to previous message
sri
Messages: 154
Registered: February 2000
Senior Member
Mahesh,

How are you printing the lines with in the message?

Thx,
Sri
Previous Topic: Audit Trigger Failure
Next Topic: Forget the password !
Goto Forum:
  


Current Time: Thu Mar 28 15:02:20 CDT 2024