Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: getting users passwords in plain text

Re: getting users passwords in plain text

From: Stephane Faroult <sfaroult_at_roughsea.com>
Date: Tue, 16 Oct 2007 18:17:25 +0200
Message-Id: <19009.1192551445@roughsea.com> 



Vincent,


   Password crypting is one-way: you can't decipher it. What is entered is crypted, sent over to Oracle, and compared to the crypting of what was once defined as "the good password". You cannot expect less from a company that has communicated so much about being "unbreakable".


A site you might want to visit is http://www.petefinnigan.com/


Besides a brutal dictionary attack, there isn't much that can be done.


Some people have suggesting changing the password and resetting it to it's initial value. It's something I have much used in the past, but there is a gotcha: if a password policy is set, you may be prevented from resetting a recent password ...


HTH


Stephane Faroult


 


 










On Mar Oct 16 15:14 , "Vincent verpoort" sent:






Hi Experts,



I have a question that's a bit unethical. 



For a company i'm working for i need to find out what the passwords are of oracle users. As changing them means a lot of work for allot of poeple. 



Is there anyway i can clear text the password from dba database, i have sysdba and all privs.



any points would be nice also i want to put this into script so if anyone has something ? 


-- 

                           Vincent Verpoort



  ,.-~`"'~-.,_,.-~`"'~-.,_,.-~`"'~-.,_,.-~`"'~-.,_,.-~`"'~-.,_ 

              Communiceren is begrepen worden 

^*<-._,.->*^*<-._,.->*^*<-._,.->*^*<-._,.->*^*<-._,.->*^*<-. 







--
http://www.freelists.org/webpage/oracle-l
Received on Tue Oct 16 2007 - 11:17:25 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US