Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.tools -> Re: verify existing oracle password before changing

Re: verify existing oracle password before changing

From: Jonathan Lewis <jonathan_at_jlcomp.demon.co.uk>
Date: 2000/06/06
Message-ID: <960320221.10430.3.nnrp-06.9e984b29@news.demon.co.uk>#1/1 







There is a bit of a hole in that one, though,
as you could set a profile that restricts
password re-use -e.g. mustn't use the same
password within 6 months, mustn't use the
same password again unless it has changed
5 times in the interim.



An idea I am working with is to use a BEFORE DDL
database trigger that fires on an ALTER and acquires
the value dbms_standard.des_encrypted_password,
then mucks about when this is not null to avoid the
alter user.



The trouble at present is the des_encrypted_password
doesn't seem to have much to do with what Oracle
stores as the password - back to the drawing board.



--

Jonathan Lewis
Yet another Oracle-related web site:  http://www.jlcomp.demon.co.uk

Thomas J. Kyte wrote in message <8g0kf0$pu6$1_at_nnrp1.deja.com>...


>there is nothing builtin to do that.  In order to do that, you can

>

>- save their current digested password

>- alter them to have the password they give you that you want to check

>- read that digested password out

>- compare them

>   - if different put the first digest back return FALSE

>   - else return TRUE

>



Received on Tue Jun 06 2000 - 00:00:00 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US