Re: Old password authentication and logout button

From: Karsten Farrell <kfarrell_at_belgariad.com>
Date: Fri, 11 Apr 2003 21:18:33 GMT
Message-ID: <MPG.1900d1054c6f866a98973b@news.la.sbcglobal.net>

kathleen.m.ranes_at_boeing.com said...
> 2)To authenticate their old password before allowing the user to change
> their password to something else.
>
> I've read in the Oracle material that ocipasswordchange() can be used to
> verify the old password, but I'm not using C or Perl and want to be able
> to run it from a PL/SQL package.
>
> Any ideas to accomplish the above would be appreciated.
>

Head on over to http://asktom.oracle.com and search for "dbms_obfuscation_toolkit" (without quotes). If you pass the clear-text password, it will return the encrypted password that Oracle uses and you can compare that against dba_users or some such.

For example, I have the following function that returns the encrypted password:

create or replace function md5_digest (
  vin_string IN varchar2
  ) return varchar2 IS

  --
  -- Return an MD5 hash of the input string.
  --

  BEGIN
    --

• Hash (encrypt) a string using DBMS_OBFUSCATION_TOOLKIT.MD5. return lower(dbms_obfuscation_toolkit.md5 ( input => utl_raw.cast_to_raw(vin_string) )); -- END md5_digest;

-- 
/Karsten
DBA > retired > DBA

Received on Fri Apr 11 2003 - 16:18:33 CDT