Re: User Password

From: Stjepan Brbot <stjepan.brbot_at_zg.hinet.hr>
Date: Fri, 16 Aug 2002 23:29:09 +0200
Message-ID: <ajjqra$4jjf$6_at_as201.hinet.hr>

"WISCO" <jb26_at_hotmail.com> wrote in message news:ajilq3$b5f$1_at_reader02.singnet.com.sg...
> Which table does Oracle store users password?
> Can Oracle Admin see the password?

I don't know for any system having serious authentication mechanism (Oracle, Windows, Solaris ...) where anybody (including sys/admin ...) is able to see passwords of other users. That's because encryption algorithm is one-way algorithm creating hash for password and storing only hashes. When user wants to authenticate himself on system, authentication algorithm again from entered password creates a hash and compares it with stored hash of original password, if hashes mutually mach it means that user entered the right password and he is passed. Admin/SYS is able to lock user, change password but not to see current password of user. However, there is tools that can reveal user passwords using brute force tactics but there's no ordinary way to see user's passwords! Received on Fri Aug 16 2002 - 23:29:09 CEST

This message: [ Message body ]
Next message: Rene S. Nielsen: "Re: 8.1.7 Backup and Restore"
Previous message: Stjepan Brbot: "Re: SQL Beautifier and/or Perl SQL parser"
In reply to WISCO: "User Password"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message