OraFAQ Forum: Programming Interfaces » Modifying a passwoed on a front end application

Home » Open Source » Programming Interfaces » Modifying a passwoed on a front end application

Show: Today's Messages :: Polls :: Message Navigator
E-mail to friend

Modifying a passwoed on a front end application [message #247079]

Sat, 23 June 2007 12:22

srhngsn
Messages: 6
Registered: June 2007

Junior Member

I would like to know if apart from the alter user option, there is another function that can be used to modify a user's password.

To enforce the password I'm using the password_verify_function, but the check between the old and the new password is bypassed as the old one is never asked when you're using alter or the password command as a sysdba or a user with alter user privileges.

Thanks

Report message to a moderator

Re: Modifying a passwoed on a front end application [message #247082 is a reply to message #247079]

Sat, 23 June 2007 13:26

Michel Cadot
Messages: 68731
Registered: March 2007
Location: Saint-Maur, France, https...

Senior Member
Account Moderator

Which application? Custom? SQL*Plus? ...
Which programming language do you use? Pro*C? OCI? OO4O? OLE DB? ...

Please always post your Oracle version (4 decimals).

Regards
Michel

Report message to a moderator

Re: Modifying a passwoed on a front end application [message #247084 is a reply to message #247079]

Sat, 23 June 2007 14:26

srhngsn
Messages: 6
Registered: June 2007

Junior Member

Hi,

It's a custom application. I'm using a web interface with PHP.
I'm only getting values from the interface to feed my PL/SQL functions.
10g Release 2 (10.2.0)

Regards,

Report message to a moderator

Re: Modifying a passwoed on a front end application [message #247085 is a reply to message #247079]

Sat, 23 June 2007 14:41

Michel Cadot
Messages: 68731
Registered: March 2007
Location: Saint-Maur, France, https...

Senior Member
Account Moderator

Another question.
What is the problem with users having "alter user" privilege?
Normally, no user but DBA should have this privilege.
Normal users have to satisfy password_verify_function criteria. This is the most important point.
DBA users when they modify other's password should set it "expire" so user has to modify it at his first connection.

Regards
Michel

Report message to a moderator

Re: Modifying a passwoed on a front end application [message #247087 is a reply to message #247079]

Sat, 23 June 2007 15:05

srhngsn
Messages: 6
Registered: June 2007

Junior Member

The users with privileges can create, modify and delete users. (That's the only privilege they have above the others)

Quote:

DBA users when they modify other's password should set it "expire" so user has to modify it at his first connection.

This can be a solution but I still don't know to which PL/SQL function to pass the parameters when using a fron end application.
Is there any aquivalent to the password command where one could pass some variables as parameters ?

Regards

Report message to a moderator

Re: Modifying a passwoed on a front end application [message #247089 is a reply to message #247079]

Sat, 23 June 2007 15:26

BlackSwan
Messages: 26766
Registered: January 2009
Location: SoCal

Senior Member

I'm not sure this would be a viable option, but here is something similar I did in the past.
At time a developer would get in his own way resulting in a package being locked open preventing it from being changed.
This can occur when a developer has multiple sessions into the database.
So I created a package owned by SYS & with "DBA" privs.
This package would accept a username (USER) & would then proceed to ALTER SYSTEM KILL SESSION all sessions owned by that user.
When a developer found himself in a deadlock situation, he would/could open yet another session & invoke this package (SUICIDE_ME).
All this package would ever do is kill all the invoker's sessions.
All I needed to do was to GRANT EXECUTE ON SYS.SUICIDE_ME TO DUHVELOPER;

HTH & YMMV

Report message to a moderator

Re: Modifying a passwoed on a front end application [message #247091 is a reply to message #247087]

Sat, 23 June 2007 15:45

Michel Cadot
Messages: 68731
Registered: March 2007
Location: Saint-Maur, France, https...

Senior Member
Account Moderator

Quote:

Is there any aquivalent to the password command where one could pass some variables as parameters ?

There is in OCI and other interfaces.
What is your interface with Oracle? What module do you use to talk with Oracle?

Regards
Michel

Report message to a moderator

Re: Modifying a passwoed on a front end application [message #247092 is a reply to message #247079]

Sat, 23 June 2007 16:00

srhngsn
Messages: 6
Registered: June 2007

Junior Member

I'm using an independent Apache server configured to work with oracle.
To do this in Windows, either one of these two lines are uncommented :

;extension=php_oci8.dll
;extension=php_oracle.dll

Regards

Report message to a moderator

Re: Modifying a passwoed on a front end application [message #247096 is a reply to message #247092]

Sun, 24 June 2007 00:38

Michel Cadot
Messages: 68731
Registered: March 2007
Location: Saint-Maur, France, https...

Senior Member
Account Moderator

I don't know PHP but I'm pretty sure that at least one of these allow you to do this.

I transfer this thread to the PHP forum.

Regards
Michel

Report message to a moderator

Previous Topic:	oracle and php
Next Topic:	ODBC connection fails for Oracle 10g in Windows XP.

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Fri Jan 17 14:52:51 CST 2025