Re: capture oracle pwd change in 3rd party application. help needed
From: Daniel Morgan <damorgan_at_x.washington.edu>
Date: Thu, 06 Nov 2003 22:21:09 -0800
Message-ID: <1068186089.970017_at_yasure>
Joel Garry wrote:
machine on which I had no permissions. It is a hacker's delight.
Date: Thu, 06 Nov 2003 22:21:09 -0800
Message-ID: <1068186089.970017_at_yasure>
My objection is that it would take me a matter of minutes to make myself an account on anotherDaniel Morgan <damorgan_at_x.washington.edu> wrote in message news:<1068147990.413220_at_yasure>...Lasher wrote:Hi, I have clients using an application that allows users to change their passwords. The application uses the 'ALTER USER xxx IDENTIFIED BY.....' command. What I need to do is use Oracle to capture the username and password and send the info to another Oracle instance on a different server and update that users password. Basically I need to keep the user's password in sync between two different databases. I also cannot change the application in anyway and therefore need to do this from the Oracle side. Any ideas would be great.........Go to $ORACLE_HOME/rdmbs/admin Look at the file utlpwdmg.sql If you have any business doing this you will be able to fill in the rest of the picture. Personally I agree with Pete. This is nonsense and worse than nonsense a huge violation of any reasonable definition of system security. The OEM should fix the problem. And my advise to you would be not to do this. That it can be done doesn't mean that it should be done. The entire idea stinks.I'm not sure what is so wrong about this, at least using Pete's suggestion of Identified by Values in a non-public environment? It seems as reasonable as, say, copying /etc/passwd (or shadow equivalents) and user files to synchronize users on two identical servers. jg -- _at_home.com is bogus. http://www.signonsandiego.com/news/metro/20031106-9999_2m6wage.html
machine on which I had no permissions. It is a hacker's delight.
-- Daniel Morgan http://www.outreach.washington.edu/ext/certificates/oad/oad_crs.asp http://www.outreach.washington.edu/ext/certificates/aoa/aoa_crs.asp damorgan_at_x.washington.edu (replace 'x' with a 'u' to reply)Received on Fri Nov 07 2003 - 07:21:09 CET