Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Verifying passwords have been changed in oracle
sweh_at_spuddy.mew.co.uk (Stephen Harris) wrote in message
...
> So it _seems_ as if the hash is based purely on the username/password and
> doesn't have any database specific dependencies.
>
> Can anyone confirm that this is correct? If so, I can use this as a method
> of checking the default accounts.
I don't think that Oracle publishes how the password has is made, so you probably won't get complete comfirmation on this. But in my own experience, you observations are correct: A username/password pair generates the same hash in oracle version 7.x thu 9.2, whether it's Solaris, Linux, Irix, HP-UX, VMS, NT... The hash is different under Oracle v6.0.36 (don't ask).
Thinking about it, having the same password hash across platforms and versions is the only way that export/import can work across platforms and versions without requiring password resets after import. Received on Tue Nov 12 2002 - 06:52:18 CST