Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: How does Oracle protect (encrypt) user passwords in Oracle 8?.

Re: How does Oracle protect (encrypt) user passwords in Oracle 8?.

From: NetComrade <andreyNSPAM_at_bookexchange.net>
Date: Thu, 10 Feb 2000 16:57:42 GMT
Message-ID: <38a2eacf.155650637@news.earthlink.net> 





cool your excitement :)



I believe functions cannot insert, update the db:


SQLWKS> create or replace function sec
     2> return number
     3> as
     4> n number;
     5> begin
     6> n:=1;
     7> insert into manager values(10, 10);
     8> return n;
     9> end;
    10> /




Statement processed.


SQLWKS> select sec from dual


     2> 


select sec from dual


       *


ORA-06571: Function SEC does not guarantee not to update database





ORA-06571 function name does not guarantee not to update database



Cause: There are two possible causes for this message: 



A SQL statement references a packaged PL/SQL function that does not
contain a pragma that prevents the database from being updated.
A SQL statement references a stand-alone, PL/SQL function that
contains an instruction to update the database.
Action: If the referenced function is a packaged PL/SQL function:
Recreate the PL/SQL function with the required pragma; be certain to
include the 'Write No Database State' (WNDS) argument in the argument
list of the pragma.  




If the referenced function is a stand-alone PL/SQL function: Do not
use the function




On Wed, 09 Feb 2000 17:49:24 GMT, javierpf_at_usa.net wrote:




>Rick,


>


>It is great pleasure to talk directly with Oracle's people, specially


>with security colleagues.


>


>Thanks for your soon response.


>


>I wasn't trying to hack the password, if so I know a better method:


>


>1- Set a verification function as Password_verification_function in


>your users profile.


>2- Inside the function, store user name and password passed by


>parameter in a table.


>3- Limit the expiration date of user accounts by setting the


>password_life_time  profile parameter to oblige them to change his/her


>password.


>4- That's it! You have decrypted password next time users change their


>own ones.


>


>


>Javier Pflaum


>Data Security Analyst


>CTi Movil S.A. (Argentina)


>Jpflaum_at_cti.com.ar


>


>


>Sent via Deja.com http://www.deja.com/


>Before you buy.







In case I forgot to mention: 


We use Oracle 7.3.4 on Solaris 2.6, 2.7 boxes



Andrey Dmitriev	 eFax: (978) 383-5892  Daytime: (917) 750-3630
AOL: NetComrade	 ICQ: 11340726 remove NSPAM to email


Received on Thu Feb 10 2000 - 10:57:42 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US