Re: Oracle equivalent to unix 'su - username'... connecting as someone else

From: Thomas Kyte <tkyte_at_us.oracle.com>
Date: 1998/09/02
Message-ID: <35ee4ce5.3415521_at_192.86.155.100>#1/1

[Quoted] A copy of this was sent to jared_at_pandora.planet.net (Jared Hecker) (if that email address didn't require changing) On 1 Sep 1998 19:04:19 GMT, you wrote:

>One would want to connect as a non-dba to do things like grant object
>privileges on objects the non-dba owns to others.
>
>
>landmass_at_iname.com wrote:
>: Easiest way, is to look at the dba_users table, which holds an encrypted
>: version of the password. If you do a "select username, password from
>: dba_users where user_name = '????';", and then save this to a file - DO NOT
>: DELETE IT. You can then use the 'alter user xxxx identified by yyyy;'
>: statement to change the users password to something that you know.... When
>: you have finished, you can change it back to its previous value: alter user
>: xxxxx identified by values '<paste password string from file here>';
>
>Really?? Must try this, I didn't know this was a consistent cypher.
>Rather defeats the purpose of encrypting the password, though.
>

why does it defeat the purpose of DIGESTING (not encrypting) the password?

the password is *not* encrypted -- its a one way digest.

If the user SCOTT uses the password TIGER -- it will hash to the same string of characters consistently on all platforms (so we can move a password for a user from one system to another without having to know the password).

If the user BOB users the password TIGER -- it will hash to ANOTHER string but consistently to that other string for BOB on all platforms.

Check out your /etc/shadow or /etc/passwd file on unix sometime -- you can move it from machine to machine (given the same OS and hardware architecture) and have the passwords move with you -- it works the same way. I copy unix passwords for people from machine to machine this way all of the time. The passwords are one way digests, very safe. Just because you have the digest doesn't mean you have the password.

>Regards,
>jh

Thomas Kyte
tkyte_at_us.oracle.com
Oracle Government
Herndon VA

--
http://govt.us.oracle.com/    -- downloadable utilities
 
----------------------------------------------------------------------------
Opinions are mine and do not necessarily reflect those of Oracle Corporation
 
Anti-Anti Spam Msg: if you want an answer emailed to you, 
you have to make it easy to get email to you.  Any bounced
email will be treated the same way i treat SPAM-- I delete it.

Received on Wed Sep 02 1998 - 00:00:00 CEST

This message: [ Message body ]
Next message: scotten_at_my-dejanews.com: "Re: HELP! Designer/2000: how to print diagram to a file?"
Previous message: landmass_at_iname.com: "Re: Oracle equivalent to unix 'su - username'... connecting as someone else"
Maybe in reply to: landmass_at_iname.com: "Re: Oracle equivalent to unix 'su - username'... connecting as someone else"
In reply to Jared Hecker: "Re: Oracle equivalent to unix 'su - username'... connecting as someone else"
Next in thread: scotten_at_my-dejanews.com: "Re: HELP! Designer/2000: how to print diagram to a file?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message