Re: capture oracle pwd change in 3rd party application. help needed

From: Daniel Morgan <damorgan_at_x.washington.edu>
Date: Tue, 11 Nov 2003 12:06:09 -0800
Message-ID: <1068581190.656237@yasure>


Michael Gast wrote:

>Hi Daniel,
>
>Daniel Morgan wrote:
>
>
>>Lasher wrote:
>>
>>
>>
>>>Hi,
>>>
>>>I have clients using an application that allows users to change their
>>>passwords. The application uses the 'ALTER USER xxx IDENTIFIED
>>>BY.....' command. What I need to do is use Oracle to capture the
>>>username and password and send the info to another Oracle instance on
>>>a different server and update that user's password.
>>>
>>>Basically I need to keep the user's password in sync between two
>>>different databases.
>>>
>>>I also cannot change the application in any way and therefore need to
>>>do this from the Oracle side.
>>>
>>>Any ideas would be great.........
>>>
>>>
>>>
>>>
>>Go to $ORACLE_HOME/rdbms/admin
>>Look at the file utlpwdmg.sql
>>
>>If you have any business doing this you will be able to fill in the rest
>>of the picture.
>>
>>Personally I agree with Pete. This is nonsense and, worse than nonsense, a
>>huge violation of any reasonable definition of system security. The OEM
>>should fix the problem. And my advice to you would be not to do this. That
>>it can be done doesn't mean that it should be done. The entire idea stinks.
>>
>>
>
>I agree with you. The idea stinks. In addition, I'm not convinced that
>"Lasher" is "Mr. Lasher's" true name.
>
>But let us assume "Mr. Lasher" has a valid problem and does not want to
>crack the DB. Could a possible solution be to realize a server-side
>single sign-on to multiple databases? I'm not a specialist for Oracle
>security, but I've read in the "Security Overview" and the "Advanced
>Security Administrators Guide" manuals from Oracle that this could be
>done. I assume this is not a crack and could be a usable solution for
>"Mr. Lasher's" problem if he does not want to crack the DB.
>
>
>

Lots of things are possible. And the reason I am so suspicious is that if this architecture is required
by a commercial app then the app's developers, resellers, and other customers would have already
confronted and dealt with this issue.

As it is not credible that the company selling the app doesn't have a solution, the only logical
conclusion is that the premise is a fabrication.

-- 
Daniel Morgan
http://www.outreach.washington.edu/ext/certificates/oad/oad_crs.asp
http://www.outreach.washington.edu/ext/certificates/aoa/aoa_crs.asp
damorgan_at_x.washington.edu
(replace 'x' with a 'u' to reply)
Received on Tue Nov 11 2003 - 14:06:09 CST
