Re: Allowing users to change passwords

From: Steve B <steve.bright_at_capgemini.co.uk>
Date: Mon, 17 Jan 2000 11:48:24 -0000
Message-ID: <85uvib$oup$1_at_taliesin2.netcom.net.uk>


Thank you very much....

Steve B

steve.bright_at_capgemini.co.uk

Emmanuel <zouzou_at_yahoo.com> wrote in message news:01bf5e9e$a3bbc9a0$3601017e_at_EHM.cirra.fr...
> May I suggest the following :
>
> - Save the value of the PASSWORD column in DBA_USERS, i.e. in the variable
> OldEncryptedPwd
> - Use the Old Password value provided by the user and do the following :
>
> ALTER USER MyUser IDENTIFIED BY OldPassword;
>
> - Compare the new value of PASSWORD column with value of variable
> OldEncryptedPwd
> - If it's the same, proceed with :
>
> ALTER USER MyUser IDENTIFIED BY NewPassword;
>
> - if not, go back to the REAL old password by doing the following :
>
> ALTER USER MyUser IDENTIFIED BY VALUES 'OldEncryptedPwd';
>
> and issue an error message.
>
>
>
> Steve B <steve.bright_at_capgemini.co.uk> wrote in article
> <85ktn9$god$1_at_taliesin2.netcom.net.uk>...
> > We have a number of users accessing an 8.1.5 database via OAS 4.0.8......we
> > have given the users a bit of functionality allowing them to change their
> > passwords...basically they kick off a stored procedure which, by using
> > dynamic SQL issues the "alter user STEVEB identified by <new password>;"
> > DDL....
> >
> > This works fine, no problems. However any user can go to a machine that
> > another user has been using and, via the browser interface, alter the
> > previous user's password....not good....
> >
> > What I need are a few good ideas to prevent this...ie force the user to
> > enter their old password and the new password ( as is common on NT systems
> > for password changing ) and validate the old password before changing to
> > the new...
> >
> > One way I've thought of is to call an external procedure from the invoked
> > procedure which tries to connect to the same DB using the username and
> > supplied ( old ) password.....If this fails then raise an error, if it works
> > then one can assume that the old password is OK so then disconnect and
> > continue as usual....
> >
> > Any other ideas ( I don't particularly want to keep the passwords in a table
> > against the username )
> >
> >
> > Cheers
> >
> > Steve B
> >
> > steve.bright_at_capgemini.co.uk
> >
> >
> >
> >
Received on Mon Jan 17 2000 - 12:48:24 CET
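
The check-and-restore sequence Emmanuel suggests, written out as a single PL/SQL procedure (an added example, not code from the thread). The procedure name, parameter names and error numbers are hypothetical; it assumes the owner holds ALTER USER and SELECT on DBA_USERS through direct grants, that each user connects as their own database account, and that the PASSWORD column holds the same value every time a given user sets a given password, which the comparison step depends on.

```sql
-- Added example; names and error numbers are hypothetical.
-- Assumes direct grants of ALTER USER and SELECT ON sys.dba_users to the owner.
CREATE OR REPLACE PROCEDURE change_own_password (
    p_old_password IN VARCHAR2,
    p_new_password IN VARCHAR2
) AS
    v_user       VARCHAR2(30) := USER;  -- session account, never caller-supplied
    v_saved_hash VARCHAR2(30);
    v_test_hash  VARCHAR2(30);
    -- Both passwords are concatenated into DDL, so accept only values that
    -- are plain unquoted identifiers: a letter, then letters, digits, _ $ #.
    PROCEDURE check_chars (p_value IN VARCHAR2) IS
    BEGIN
        IF p_value IS NULL OR LENGTH(p_value) > 30
           OR UPPER(SUBSTR(p_value, 1, 1)) NOT BETWEEN 'A' AND 'Z'
           OR TRANSLATE(UPPER(p_value),
                        'xABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_$#', 'x') IS NOT NULL
        THEN
            RAISE_APPLICATION_ERROR(-20001, 'Password contains disallowed characters');
        END IF;
    END check_chars;
BEGIN
    check_chars(p_old_password);
    check_chars(p_new_password);

    -- Step 1: save the current PASSWORD value (NO_DATA_FOUND if there is none).
    SELECT password INTO v_saved_hash FROM sys.dba_users
     WHERE username = v_user AND password IS NOT NULL;
    -- Step 2: set the password to the old password the user typed.
    EXECUTE IMMEDIATE 'ALTER USER "' || v_user || '" IDENTIFIED BY ' || p_old_password;

    -- Step 3: re-read the column and compare it with the saved value.
    SELECT password INTO v_test_hash FROM sys.dba_users WHERE username = v_user;
    IF NVL(v_test_hash, '?') <> v_saved_hash THEN
        RAISE_APPLICATION_ERROR(-20002, 'Old password is incorrect');
    END IF;

    -- Step 4: the old password was right, so apply the new one.
    EXECUTE IMMEDIATE 'ALTER USER "' || v_user || '" IDENTIFIED BY ' || p_new_password;
EXCEPTION
    WHEN OTHERS THEN
        -- Step 5: on any failure, put the real old password back, then re-raise.
        IF v_saved_hash IS NOT NULL THEN
            EXECUTE IMMEDIATE 'ALTER USER "' || v_user
                || '" IDENTIFIED BY VALUES ''' || v_saved_hash || '''';
        END IF;
        RAISE;
END change_own_password;
/
```

Between the first ALTER USER and the restore, the account briefly carries the typed value as its password, and each ALTER USER is DDL, so it commits any transaction the session has open.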
