Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.misc -> Re: Change password pl/sql?
On Fri, 14 Nov 2003 11:30:39 +0000, Pete Finnigan
<plsql_at_petefinnigan.com> wrote:
>Hi Kirmo,
>
>Yes, I agree with you but if there was a public API it would make the
>writing of a dictionary or brute force password cracker much easier.
>Oracle obviously do not want to make it easy for hackers or malicious
>employees to try and crack passwords.
That's true.
>
>Looks like you will have to either use the plan we discussed in PL/SQL
>or give in and find a way to use the password function instead.
I protoed the way the password change/check would work and ended up with a PL/SQL procedure
procedure change_passwd(
p_username in string, -- => username to change password for p_old_passwd in string, -- => user's current password p_new_password in string, -- => user's new password p_retval out integer) -- p_retval 0 for succesful operation, --p_retval 1=> incorrect old_password --p_retval 2 => p_username doesn't exist --p_retval 3 => bad p_new_password
and it seems to be working quite well. Even if someone would have access to its source it doesn't reveal anything. .
>Kind regards
>
>Pete
Best regards,
Kirmo Received on Fri Nov 14 2003 - 08:18:44 CST