From: "Jonathan Lewis" Subject: Re: verify existing oracle password before changing Date: 2000/06/06 Message-ID: <960320221.10430.3.nnrp-06.9e984b29@news.demon.co.uk>#1/1 X-NNTP-Posting-Host: jlcomp.demon.co.uk:158.152.75.41 References: <8g0kf0$pu6$1@nnrp1.deja.com> X-Trace: news.demon.co.uk 960320221 nnrp-06:10430 NO-IDENT jlcomp.demon.co.uk:158.152.75.41 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Newsgroups: comp.databases.oracle.misc X-Complaints-To: abuse@demon.net There is a bit of a hole in that one, though, as you could set a profile that restricts password re-use -e.g. mustn't use the same password within 6 months, mustn't use the same password again unless it has changed 5 times in the interim. An idea I am working with is to use a BEFORE DDL database trigger that fires on an ALTER and acquires the value dbms_standard.des_encrypted_password, then mucks about when this is not null to avoid the alter user. The trouble at present is the des_encrypted_password doesn't seem to have much to do with what Oracle stores as the password - back to the drawing board. -- Jonathan Lewis Yet another Oracle-related web site: http://www.jlcomp.demon.co.uk Thomas J. Kyte wrote in message <8g0kf0$pu6$1@nnrp1.deja.com>... >there is nothing builtin to do that. In order to do that, you can > >- save their current digested password >- alter them to have the password they give you that you want to check >- read that digested password out >- compare them > - if different put the first digest back return FALSE > - else return TRUE >