Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Verifying passwords have been changed in oracle

Re: Verifying passwords have been changed in oracle

From: Joe Kazimierczyk <joekazimierczyk_at_netscape.net>
Date: 12 Nov 2002 04:52:18 -0800
Message-ID: <236e8fc1.0211120452.4c0d04b7@posting.google.com> 





sweh_at_spuddy.mew.co.uk (Stephen Harris) wrote in message 
...


> So it _seems_ as if the hash is based purely on the username/password and

> doesn't have any database specific dependencies.

> 

> Can anyone confirm that this is correct?  If so, I can use this as a method

> of checking the default accounts.




I don't think that Oracle publishes how the password has is made,
so you probably won't get complete comfirmation on this.  But in
my own experience, you observations are correct:  A username/password
pair generates the same hash in oracle version 7.x thu 9.2, whether
it's Solaris, Linux, Irix, HP-UX, VMS, NT...  The hash is different
under Oracle v6.0.36 (don't ask).



Thinking about it, having the same password hash across platforms
and versions is the only way that export/import can work across
platforms and versions without requiring password resets after import.
Received on Tue Nov 12 2002 - 06:52:18 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US