Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: How is password hashed in Oracle?

Re: How is password hashed in Oracle?

From: Jim Kennedy <jim>
Date: Wed, 3 May 2006 21:11:26 -0700
Message-ID: <B-KdnSLGGPPF48TZ4p2dnA@comcast.com>

"joebayer" <joebayer(nospam)@hotmail.com> wrote in message news:LZe6g.14142$Un3.2887_at_trnddc05...
> I am using Oracle 9206.
>
> One of the requests from my manager is asking me to provide all the users
> who is using the user_name as their password.
>
> But in DBA_USERS, password column is hashed, how could I get that list?
>
> I remember in Oracle, password is hashed by dbms_system.hash, or something
> like that, could anybody provide some help?
>
> Thanks
>
>

You could store the current value for the password off and then create a password that is = to the user name and see if that value is the same as the stored off password. If it is then the username = the password else it = something else. Then set the password back. (see alter user xxx identified by values 'THEHASH...'; see the dba_users table)
You can also impliment a password policy that new passwords can't be the username. You have to write some pl/sql (see docs) Jim Received on Wed May 03 2006 - 23:11:26 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US