Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: User Password

Re: User Password

From: Jim Kennedy <kennedy-family_at_attbi.com>
Date: Fri, 28 Jun 2002 12:37:58 GMT
Message-ID: <GMYS8.347223$cQ3.21739@sccrnsc01> 





He actually seems to have asked 2 questions. 1. a function to validate the
password - don't think you can unless you try to connect inside a pl/sql
function and failures generate an error.
2. Can he encrypt the network traffic between the client and the server -
yes with the Advanced Security Option.


Jim


"Rick Wessman" <Rick.WessmanNO_SPAM_at_oracle.com> wrote in message
news:afhi9201l8_at_drn.newsguy.com...


> Unfortunately, this is the only solution that I can think of. Advanced

Security


> has no feature that does what he wants to do.

>

>                                           Rick

>

> In article <26703915.0206280112.22d0fb3f_at_posting.google.com>,

> skapitza_at_volcanomail.com says...

> >

> >hi chris,

> >

> >you could do the following

> >

> ><PseudoCode>

> >

> >isPasswordValid(pass,user){

> >begin

> >  oldHashPass = gethashPass(user);

> >  changePasswordUser(pass)

> >  newHashPass = gethashPass(user);

> >  boolean passValid = (oldHashPass equals newHashPass);

> >  changePasswordUser(user,oldHashPass);

> >  return passValid;

> >end

> >

> >but i think jim is right as you get with

> >adv. security a certified solution.

> >

> >hth.

> >

> >s. kapitza

> >

> >chrisforbis_at_yahoo.com (Chris Forbis) wrote in message

> >news:<f2dc430d.0206271754.2648cced_at_posting.google.com>...

> >> I would like to check a user for a valid password without logging them

> >> into oracle.  I have a connection with system to my database with a

> >> thread in my application.  I would like to see if the current user has

> >> given me correct info without using the time to build a connection and

> >> all.

> >>

> >> Can something like this be done?

> >> SELECT IsValidPassword(thepassword,theuser) from dual;

> >>

> >> I know this function does not exist but could I make one with what

> >> oracle gives me in 8.1.7?

> >>

> >> Also any way to encode thepassword part before oracle send it to the

> >> database, this so a packet sniffer can not grab the password?

> >>

> >> Thanks!

>

>                                 Rick Wessman

>                                 Oracle Corporation

>

>      The opinions expressed above are mine and do not necessarily reflect

>                          those of Oracle Corporation.

>

Received on Fri Jun 28 2002 - 07:37:58 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US