Re: Oracle Password Encryption Algorithm

From: John Bechtel <john.bechtel_at_teldta.com>
Date: 1997/03/18
Message-ID: <332EBFA0.5E63_at_teldta.com>#1/1


Dave Macpherson wrote:
> I am doing just this type of thing on the Unix side to validate a
> unix password against the /etc/passwd file. One can encrypt the
> plaintext password using the unix 'crypt' function call (source
> readily available, by the way) and compare it to the encrypted field
> stored within the password file. I don't care to know the plaintext
> password, I just want to validate that the person is who they say they
> are.
>
> I have a similar requirement in my Oracle app. A user, who does not
> have the authority to perform a certain action should a certain
> condition arise, needs to have a supervisor or co-worker who is
> authorized validate the transaction. I can tell if the other person is
> authorized because it is driven by the Oracle role mechanism. The
> other person has to 'walk' over to the operator's terminal, enter their
> Oracle userID and password. If it matches, then I can permit the
> transaction to proceed.
>
> This shouldn't be too difficult. I know that the password encryption
> is only 1-way. Since it is easy to do this type of validation on the
> Unix side, I thought someone might have done something similar on the
> Oracle side.
>
> Dave Macpherson

It may not be the cleanest way to do this, but at my previous job, we wrote a little Pro*C program that would accept a username/password and try to connect to the database. It would return the appropriate code (success/failure) to the calling program. We were doing this from within Forms 3 and using user_exits to call the C program. It actually worked very well.

I'm not sure what your front end is, but you could probably do something similar. If you use oraperl, it would be very simple. Just call &ora_login and pass back the return code.

John Bechtel

Received on Tue Mar 18 1997 - 00:00:00 CET
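
The login-attempt check suggested above, sketched with Oraperl as an added example that is not part of the original post or the poster's program. The role name TXN_APPROVER, the function name validate_supervisor and the three result strings are assumptions made for illustration; it relies on the Oraperl calls ora_login, ora_open, ora_bind, ora_fetch, ora_close and ora_logoff and on the SESSION_ROLES view.

```perl
#!/usr/bin/perl
# Added example: validate a supervisor by attempting a throwaway Oracle login.
use strict;
use warnings;
use Oraperl;    # exports the ora_* calls plus $ora_errno / $ora_errstr

my $REQUIRED_ROLE = 'TXN_APPROVER';   # hypothetical role name (assumption)
my $ORA_BAD_LOGIN = 1017;             # ORA-01017: invalid username/password

# Returns 'approved', 'denied' (bad credentials or role not enabled) or
# 'error' (database unreachable and similar). The password is never logged.
sub validate_supervisor {
    my ($system_id, $user, $password) = @_;

    # Refuse empty values up front: an empty username/password may be
    # handled by the Oracle client as an OS-authenticated login.
    return 'denied' unless defined $user && length $user
                        && defined $password && length $password;

    my $lda = ora_login($system_id, $user, $password);
    unless ($lda) {
        my $errno = $ora_errno || 0;
        return 'denied' if $errno == $ORA_BAD_LOGIN;
        warn "override check for '$user' could not complete: ORA-$errno\n";
        return 'error';               # do not treat an outage as a bad password
    }

    # SESSION_ROLES lists the roles enabled in the session just opened,
    # so the role test uses the supervisor's own login, not the operator's.
    my $result = 'error';
    my $csr = ora_open($lda,
        'select count(*) from session_roles where role = :1');
    if ($csr && ora_bind($csr, $REQUIRED_ROLE)) {
        my ($count) = ora_fetch($csr);
        $result = (defined $count && $count > 0) ? 'approved' : 'denied';
    }
    ora_close($csr) if $csr;
    ora_logoff($lda);                 # never keep the supervisor session open
    return $result;
}

# Stand-alone use: SID as argument, credentials read from the terminal.
unless (caller) {
    my $sid = shift @ARGV or die "usage: $0 <system_id>\n";
    print STDERR 'Supervisor user: ';     chomp(my $user = <STDIN> // '');
    system('stty', '-echo');
    print STDERR 'Supervisor password: '; chomp(my $pw = <STDIN> // '');
    system('stty', 'echo'); print STDERR "\n";
    my $outcome = validate_supervisor($sid, $user, $pw);
    print "$outcome\n";
    exit($outcome eq 'approved' ? 0 : 1);
}
```

The calling program should proceed only on 'approved'; 'error' is kept separate from 'denied' so a database outage is not recorded as a failed password attempt.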
