Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: How does Oracle protect (encrypt) user passwords in Oracle 8?.
cool your excitement :)
I believe functions cannot insert, update the db:
SQLWKS> create or replace function sec 2> return number 3> as 4> n number; 5> begin 6> n:=1; 7> insert into manager values(10, 10); 8> return n; 9> end; 10> /
2>
select sec from dual
*
ORA-06571: Function SEC does not guarantee not to update database
ORA-06571 function name does not guarantee not to update database
Cause: There are two possible causes for this message:
A SQL statement references a packaged PL/SQL function that does not contain a pragma that prevents the database from being updated. A SQL statement references a stand-alone, PL/SQL function that contains an instruction to update the database. Action: If the referenced function is a packaged PL/SQL function: Recreate the PL/SQL function with the required pragma; be certain to include the 'Write No Database State' (WNDS) argument in the argument list of the pragma.
If the referenced function is a stand-alone PL/SQL function: Do not use the function
On Wed, 09 Feb 2000 17:49:24 GMT, javierpf_at_usa.net wrote:
>Rick,
>
>It is great pleasure to talk directly with Oracle's people, specially
>with security colleagues.
>
>Thanks for your soon response.
>
>I wasn't trying to hack the password, if so I know a better method:
>
>1- Set a verification function as Password_verification_function in
>your users profile.
>2- Inside the function, store user name and password passed by
>parameter in a table.
>3- Limit the expiration date of user accounts by setting the
>password_life_time profile parameter to oblige them to change his/her
>password.
>4- That's it! You have decrypted password next time users change their
>own ones.
>
>
>Javier Pflaum
>Data Security Analyst
>CTi Movil S.A. (Argentina)
>Jpflaum_at_cti.com.ar
>
>
>Sent via Deja.com http://www.deja.com/
>Before you buy.
Andrey Dmitriev eFax: (978) 383-5892 Daytime: (917) 750-3630 AOL: NetComrade ICQ: 11340726 remove NSPAM to emailReceived on Thu Feb 10 2000 - 10:57:42 CST