| Changing password from forms [message #357746] |
Thu, 06 November 2008 07:54  |
Derek N
Messages: 80
Registered: September 2002
|
Member |
|
|
I created a password maintenence form and am using forms_ddl to change a users password. My statement is :
forms_ddl('ALTER USER '||uname||' IDENTIFIED BY '||''''''||:b2_1.password||''''''||' PASSWORD EXPIRE');
After allocating a new password through this maintenence form, the user cannot logon to their menu this password.
However if I issue the same command through PL/SQL Developer:
ALTER USER UDSE36 IDENTIFIED BY "~!test123*" PASSWORD EXPIRE;
The user was able to log on and change their password.
I have messaged the forms_ddl statement and all the spacings etc. are correct.
|
|
|
|
| Re: Changing password from forms [message #357749 is a reply to message #357746] |
Thu, 06 November 2008 08:08  |
 |
Michel Cadot
Messages: 68732
Registered: March 2007
Location: Saint-Maur, France, https...
|
Senior Member
Account Moderator |
|
|
If you posted in a formatted way like:
forms_ddl('ALTER USER '||uname||' IDENTIFIED BY '||''''''||:b2_1.password||''''''||' PASSWORD EXPIRE');
You immediatly saw that you didn't use double-quotes but you doubled single quotes.
In addition, you should google for SQL Injecttion. There I can hack your database.
Regards
Michel
[Updated on: Thu, 06 November 2008 08:09] Report message to a moderator |
|
|
|
|
|
] 
Blog
Search
Help
Members
Register
Login
Home
