Unfortunately, this is the only solution that I can think of. Advanced Security
has no feature that does what he wants to do.
Rick
In article <26703915.0206280112.22d0fb3f_at_posting.google.com>,
skapitza_at_volcanomail.com says...
>
>hi chris,
>
>you could do the following
>
><PseudoCode>
>
>isPasswordValid(pass,user){
>begin
> oldHashPass = gethashPass(user);
> changePasswordUser(pass)
> newHashPass = gethashPass(user);
> boolean passValid = (oldHashPass equals newHashPass);
> changePasswordUser(user,oldHashPass);
> return passValid;
>end
>
>but i think jim is right as you get with
>adv. security a certified solution.
>
>hth.
>
>s. kapitza
>
>chrisforbis_at_yahoo.com (Chris Forbis) wrote in message
>news:<f2dc430d.0206271754.2648cced_at_posting.google.com>...
>> I would like to check a user for a valid password without logging them
>> into oracle. I have a connection with system to my database with a
>> thread in my application. I would like to see if the current user has
>> given me correct info without using the time to build a connection and
>> all.
>>
>> Can something like this be done?
>> SELECT IsValidPassword(thepassword,theuser) from dual;
>>
>> I know this function does not exist but could I make one with what
>> oracle gives me in 8.1.7?
>>
>> Also any way to encode thepassword part before oracle send it to the
>> database, this so a packet sniffer can not grab the password?
>>
>> Thanks!
Rick Wessman
Oracle Corporation
The opinions expressed above are mine and do not necessarily reflect
those of Oracle Corporation.
Received on Fri Jun 28 2002 - 06:45:38 CDT
