Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: ORA-28002 When Using Hash

Re: ORA-28002 When Using Hash

From: Anurag Varma <avdbi_at_hotmail.com>
Date: Mon, 13 Dec 2004 23:51:46 GMT
Message-ID: <mWpvd.7$DQ3.4@twister.nyroc.rr.com> 






"Michel Cadot" <micadot{at}altern{dot}org> wrote in message news:41bd439b$0$12260$626a14ce_at_news.free.fr...


>

> "Mark D Powell" <Mark.Powell_at_eds.com> a écrit dans le message de

> news:1102888481.359209.158580_at_c13g2000cwb.googlegroups.com...

> > Michel, to the best of my knowledge Oracle does not store the original

> > password in unhashed form.  Why would you think it does?

> > HTH -- Mark D Powell --

> >

>

> I think it does because when you activate the password verification function

> and change the password of a user, Oracle gives you the _old_ and new

> passwords in clear form.

> If it can do that then, i think, it stores the old password somewhere in

> an unhashed form.

>

> Regards

> Michel Cadot

>

>




Michel,



I too agree with Mark. Oracle does not store the old password in clear text form. If password history is enabled, then
oracle stores the password hash.


You seem to be referring to the password verification function which requires the old password to be
supplied to it.


In that case, the old password needs to be supplied by the user when changing the password.
In sqlplus this would be done by the "password" command.




Anurag
Received on Mon Dec 13 2004 - 17:51:46 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US