Home » Open Source » Programming Interfaces » Modifying a passwoed on a front end application
Modifying a passwoed on a front end application [message #247079] Sat, 23 June 2007 12:22 Go to next message
srhngsn
Messages: 6
Registered: June 2007
Junior Member
I would like to know if apart from the alter user option, there is another function that can be used to modify a user's password.

To enforce the password I'm using the password_verify_function, but the check between the old and the new password is bypassed as the old one is never asked when you're using alter or the password command as a sysdba or a user with alter user privileges.

Thanks
Re: Modifying a passwoed on a front end application [message #247082 is a reply to message #247079] Sat, 23 June 2007 13:26 Go to previous messageGo to next message
Michel Cadot
Messages: 60018
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Which application? Custom? SQL*Plus? ...
Which programming language do you use? Pro*C? OCI? OO4O? OLE DB? ...

Please always post your Oracle version (4 decimals).

Regards
Michel
Re: Modifying a passwoed on a front end application [message #247084 is a reply to message #247079] Sat, 23 June 2007 14:26 Go to previous messageGo to next message
srhngsn
Messages: 6
Registered: June 2007
Junior Member
Hi,

It's a custom application. I'm using a web interface with PHP.
I'm only getting values from the interface to feed my PL/SQL functions.
10g Release 2 (10.2.0)

Regards,

Re: Modifying a passwoed on a front end application [message #247085 is a reply to message #247079] Sat, 23 June 2007 14:41 Go to previous messageGo to next message
Michel Cadot
Messages: 60018
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Another question.
What is the problem with users having "alter user" privilege?
Normally, no user but DBA should have this privilege.
Normal users have to satisfy password_verify_function criteria. This is the most important point.
DBA users when they modify other's password should set it "expire" so user has to modify it at his first connection.

Regards
Michel
Re: Modifying a passwoed on a front end application [message #247087 is a reply to message #247079] Sat, 23 June 2007 15:05 Go to previous messageGo to next message
srhngsn
Messages: 6
Registered: June 2007
Junior Member
The users with privileges can create, modify and delete users. (That's the only privilege they have above the others)

Quote:
DBA users when they modify other's password should set it "expire" so user has to modify it at his first connection.


This can be a solution but I still don't know to which PL/SQL function to pass the parameters when using a fron end application.
Is there any aquivalent to the password command where one could pass some variables as parameters ?

Regards
Re: Modifying a passwoed on a front end application [message #247089 is a reply to message #247079] Sat, 23 June 2007 15:26 Go to previous messageGo to next message
BlackSwan
Messages: 23162
Registered: January 2009
Senior Member
I'm not sure this would be a viable option, but here is something similar I did in the past.
At time a developer would get in his own way resulting in a package being locked open preventing it from being changed.
This can occur when a developer has multiple sessions into the database.
So I created a package owned by SYS & with "DBA" privs.
This package would accept a username (USER) & would then proceed to ALTER SYSTEM KILL SESSION all sessions owned by that user.
When a developer found himself in a deadlock situation, he would/could open yet another session & invoke this package (SUICIDE_ME).
All this package would ever do is kill all the invoker's sessions.
All I needed to do was to GRANT EXECUTE ON SYS.SUICIDE_ME TO DUHVELOPER;

HTH & YMMV
Re: Modifying a passwoed on a front end application [message #247091 is a reply to message #247087] Sat, 23 June 2007 15:45 Go to previous messageGo to next message
Michel Cadot
Messages: 60018
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Quote:
Is there any aquivalent to the password command where one could pass some variables as parameters ?

There is in OCI and other interfaces.
What is your interface with Oracle? What module do you use to talk with Oracle?

Regards
Michel
Re: Modifying a passwoed on a front end application [message #247092 is a reply to message #247079] Sat, 23 June 2007 16:00 Go to previous messageGo to next message
srhngsn
Messages: 6
Registered: June 2007
Junior Member
I'm using an independent Apache server configured to work with oracle.
To do this in Windows, either one of these two lines are uncommented :

;extension=php_oci8.dll
;extension=php_oracle.dll

Regards
Re: Modifying a passwoed on a front end application [message #247096 is a reply to message #247092] Sun, 24 June 2007 00:38 Go to previous message
Michel Cadot
Messages: 60018
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
I don't know PHP but I'm pretty sure that at least one of these allow you to do this.

I transfer this thread to the PHP forum.

Regards
Michel
Previous Topic: oracle and php
Next Topic: ODBC connection fails for Oracle 10g in Windows XP.
Goto Forum:
  


Current Time: Mon Dec 22 15:41:35 CST 2014

Total time taken to generate the page: 0.12786 seconds