Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: How to compare passwords?

Re: How to compare passwords?

From: Rick Wessman <rwessman_at_us.oracle.com>
Date: 08 Feb 2000 12:19:40 -0500
Message-ID: <uhffjy5lf.fsf@us.oracle.com>


Hi, Chris:

There is no way to do what you want easily, unfortunately.

However, there is one way that is somewhat of hack, but it will do what you want. Have the application do the following:

  1. Save the user's current password by selecting it out of DBA_USERS;
  2. Change the password to be what the user password ALTER USER user IDENTIFIED by password_given;
  3. Select the new password out of DBA_USERS and compare the two;
  4. If the passwords do not match, restore the current password. This last step is VERY important.

The difficulty with this approach is that if an error occurs and is not caught, the user may be frozen out of the database because the password will be incorrect.

                                     Rick

"Chris Ermlich" <cermlich_at_swri.edu> writes:

> Hi folks,
> I'm running into a verification problem. We are trying to provide an
> authentication layer to an application where the app will check if the user
> entered a valid password. I can get the encrypted pw out od DBA_USERS. Is
> there a way to run the password encryption manually so I can compare the
> submitted password to the encrypted one out of DBA_USERS? Obviously, there
> is no way of getting the "real" password out of Oracle. The authentication
> is happening before the user logs on, so I can't just trap an invalid logon
> (e.g. viaVisual Basic ERR function).
> Any advise would be appreciated.
> Thanks,
> Chris Ermlich
> cermlich_at_swri.edu
>
>
>

--

                                        Rick Wessman
                                        Security and Directory Technologies
                                        Server Technologies
                                        Oracle Corporation
                                        rwessman_at_us.oracle.com

       The statements and opinions expressed here are my own and do not
             necessarily represent those of  Oracle Corporation.
Received on Tue Feb 08 2000 - 11:19:40 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US