Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: How is password hashed in Oracle?
"joebayer" <joebayer(nospam)@hotmail.com> wrote in message
news:LZe6g.14142$Un3.2887_at_trnddc05...
> I am using Oracle 9206.
>
> One of the requests from my manager is asking me to provide all the users
> who is using the user_name as their password.
>
> But in DBA_USERS, password column is hashed, how could I get that list?
>
> I remember in Oracle, password is hashed by dbms_system.hash, or something
> like that, could anybody provide some help?
>
> Thanks
>
>
You could store the current value for the password off and then create a
password that is = to the user name and see if that value is the same as the
stored off password. If it is then the username = the password else it =
something else. Then set the password back.
(see alter user xxx identified by values 'THEHASH...';
see the dba_users table)
You can also impliment a password policy that new passwords can't be the
username. You have to write some pl/sql (see docs)
Jim
Received on Wed May 03 2006 - 23:11:26 CDT