Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: User Password

Re: User Password

From: s.kapitza <skapitza_at_volcanomail.com>
Date: 28 Jun 2002 02:12:22 -0700
Message-ID: <26703915.0206280112.22d0fb3f@posting.google.com> 





hi chris,



you could do the following



<PseudoCode>



isPasswordValid(pass,user){


begin


  oldHashPass = gethashPass(user);


  changePasswordUser(pass)


  newHashPass = gethashPass(user);


  boolean passValid = (oldHashPass equals newHashPass);
  changePasswordUser(user,oldHashPass);


  return passValid;


end



but i think jim is right as you get with
adv. security a certified solution.



hth.



s. kapitza



chrisforbis_at_yahoo.com (Chris Forbis) wrote in message news:<f2dc430d.0206271754.2648cced_at_posting.google.com>...


> I would like to check a user for a valid password without logging them

> into oracle.  I have a connection with system to my database with a

> thread in my application.  I would like to see if the current user has

> given me correct info without using the time to build a connection and

> all.

> 

> Can something like this be done?

> SELECT IsValidPassword(thepassword,theuser) from dual; 

> 

> I know this function does not exist but could I make one with what

> oracle gives me in 8.1.7?

> 

> Also any way to encode thepassword part before oracle send it to the

> database, this so a packet sniffer can not grab the password?

> 

> Thanks!

Received on Fri Jun 28 2002 - 04:12:22 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US