Allowing users to change passwords
Date: Thu, 13 Jan 2000 16:15:29 -0000
Message-ID: <85ktn9$god$1_at_taliesin2.netcom.net.uk>
[Quoted] We have a number of users accessing an 8.1.5 database via OAS 4.0.8......we [Quoted] have given the users a bit of functionality allowing them to change their [Quoted] passwords...basically they kick of a stored procedure which, by using dynamic SQL issues the "alter user STEVEB identified by <new password>;" DDL.... This works fine, no problems. However any user can go to a machine that another user has been using and, via the browser interface, alter the previous users password....not good....
What I need are a few good ideas to prevent this...ie force the user to enter their old password and the new password ( as is common on NT systems [Quoted] for passsword changing ) and validate the old password before changing to the new...
One way I've thought of is to call an external procedure from the invoked procedure which tries to connect to the same DB using the username and supplied ( old ) password.....If this fails then raise an error, if it works [Quoted] then one can assume that the old password is OK so then disconnect and continue as usual....
Any other ideas ( I don't particularly want to keep the passwords in a table [Quoted] against the username )
Cheers
Steve B
steve.bright_at_capgemini.co.uk Received on Thu Jan 13 2000 - 17:15:29 CET