Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Password crypt function
On Wed, 23 Sep 1998 14:34:21 +0200, "Piotr Kolodziej"
<pkol_at_otago.gda.pl> wrote:
>Jurij Modic wrote in message <36089c20.1197561_at_news.siol.net>...
>>Why looking for the digest function if you have it built into your
>>RDBMS?. So use the function that is originaly used! Here is the
>>scenario:
>
>[cut]
>
>But according to your scenario, during password probing user cannot
>connect to the database because of password change.
>The digest function uses both user name and provided password
>so you are not able to proceed with dummy user.
Well, if this is a problem than you can perorm this check on another, let us say testing database (for example, a small Personal Oracle database will do). All you have to do is to transfer all usernames and their encripted passwords to a table in this test instance and perform all the needed checks there. The scenario is even more simple in this case (pseudo code):
LOOP
fetch the_user and the_pwd from user_pwd_table;
CREATE USER theuser IDENTIFIED BY whatever;
LOOP
fetch bad_password from bad_pwd_distionary;
ALTER USER IDENTIFIED BY bad_password;
compare the digest from DBA_USERS and from user_pwd_table;
if (they are the same) then
mark the user as user_with_bad_pwd;
end if;
END LOOP;
END LOOP;
>Regards,
>Piotr Kolodziej
>pkol_at_otago.gda.pl
>
Regards,
--
Jurij Modic <jmodic_at_src.si>
Certified Oracle7 DBA (OCP)