--> Re: Oracle73 Password Encryption Function



Thread: --> Re: Oracle73 Password Encryption Function

  1. #1
    Jeffrey Nuestro Guest

    --> Re: Oracle73 Password Encryption Function


    dnagel,

    thanks for the feedback.

    yup the user enters the new password normally (in English). i need to apply
    oracle's encryption routine to it in order to compare it with the stored
    user password in oracle's system tables.

    "dnagel" <GrandNagel@hotmail.com> wrote:
    >Not too experienced with encrypted passwords in Oracle...
    >
    >Are you saying that the user needs to enter an encrypted string
    >or the user enters it normally and you are looking to compare
    >the hashed password that Oracle stores in its system tables to your
    >privately hashed password from the user's input?
    >
    >In the latter case, I would imagine you won't have much luck.
    >
    >I'm curious... D?
    >
    >
    >"Jeffrey Nuestro" <jnuestro@yahoo.com> wrote in message
    >news:3c5620b5$1@10.1.10.29...
    >>
    >> I have an application interfacing with Oracle 7.3
    >>
    >> I need to compare the new password, inputted using the application, to the
    >> existing oracle user password which is encrypted.
    >>
    >> Is there an oracle encryption function which I can use to encrypt the new
    >> password so I could compare it with the encrypted oracle user password?
    >>

    >
    >



  2. #2
    dnagel Guest

    Re: --> Re: Oracle73 Password Encryption Function

    As stated, I have a limited background with Oracle internals,
    but to my knowledge, there are no means for using their
    routines to 're-scramble' the password.

    have a look here...

    http://rr.sans.org/appsec/oracle.php

    this looked interesting too...

    http://www.orafaq.com/faqdbase.htm#INTERNAL

    "Jeffrey Nuestro" <jnuestro@yahoo.com> wrote in message
    news:3c570af6$1@10.1.10.29...
    >
    > dnagel,
    >
    > thanks for the feedback.
    >
    > yup the user enters the new password normally (in English). i need to apply
    > oracle's encryption routine to it in order to compare it with the stored
    > user password in oracle's system tables.
    >
    > "dnagel" <GrandNagel@hotmail.com> wrote:
    > >Not too experienced with encrypted passwords in Oracle...
    > >
    > >Are you saying that the user needs to enter an encrypted string
    > >or the user enters it normally and you are looking to compare
    > >the hashed password that Oracle stores in its system tables to your
    > >privately hashed password from the user's input?
    > >
    > >In the latter case, I would imagine you won't have much luck.
    > >
    > >I'm curious... D?
    > >
    > >
    > >"Jeffrey Nuestro" <jnuestro@yahoo.com> wrote in message
    > >news:3c5620b5$1@10.1.10.29...
    > >>
    > >> I have an application interfacing with Oracle 7.3
    > >>
    > >> I need to compare the new password, inputted using the application, to the
    > >> existing oracle user password which is encrypted.
    > >>
    > >> Is there an oracle encryption function which I can use to encrypt the new
    > >> password so I could compare it with the encrypted oracle user password?
    > >>

    > >
    > >

    >




  3. #3
    Jeffrey Nuestro Guest

    Re: --> Re: Oracle73 Password Encryption Function


    dnagel,

    again thank you very much for the feedback.

    the two links you have provided, made available specific alternatives to
    what I had initially in mind.

    I will try to make full use of the following items listed from orafaq.com
    which speaks of managing passwords through profiles.

    PASSWORD_LIFE_TIME - limits the number of days the same password can be used
    for authentication
    PASSWORD_REUSE_TIME - number of days before a password can be reused
    PASSWORD_REUSE_MAX - number of password changes required before the current
    password can be reused

    I'll apprise you guys with the result of my tests.

    "dnagel" <GrandNagel@hotmail.com> wrote:
    >As stated, I have a limited background with Oracle internals,
    >but to my knowledge, there are no means for using their
    >routines to 're-scramble' the password.
    >
    >have a look here...
    >
    >http://rr.sans.org/appsec/oracle.php
    >
    >this looked interesting too...
    >
    >http://www.orafaq.com/faqdbase.htm#INTERNAL
    >
    >"Jeffrey Nuestro" <jnuestro@yahoo.com> wrote in message
    >news:3c570af6$1@10.1.10.29...
    >>
    >> dnagel,
    >>
    >> thanks for the feedback.
    >>
    >> yup the user enters the new password normally (in English). i need to apply
    >> oracle's encryption routine to it in order to compare it with the stored
    >> user password in oracle's system tables.
    >>
    >> "dnagel" <GrandNagel@hotmail.com> wrote:
    >> >Not too experienced with encrypted passwords in Oracle...
    >> >
    >> >Are you saying that the user needs to enter an encrypted string
    >> >or the user enters it normally and you are looking to compare
    >> >the hashed password that Oracle stores in its system tables to your
    >> >privately hashed password from the user's input?
    >> >
    >> >In the latter case, I would imagine you won't have much luck.
    >> >
    >> >I'm curious... D?
    >> >
    >> >
    >> >"Jeffrey Nuestro" <jnuestro@yahoo.com> wrote in message
    >> >news:3c5620b5$1@10.1.10.29...
    >> >>
    >> >> I have an application interfacing with Oracle 7.3
    >> >>
    >> >> I need to compare the new password, inputted using the application, to the
    >> >> existing oracle user password which is encrypted.
    >> >>
    >> >> Is there an oracle encryption function which I can use to encrypt the new
    >> >> password so I could compare it with the encrypted oracle user password?
    >> >>
    >> >
    >> >

    >>

    >
    >



  4. #4
    Jeffrey Nuestro Guest

    Re: --> Re: Oracle73 Password Encryption Function


    I have already tried using the items listed in my previous posting for oracle's
    password management but it seems these items are not supported in Oracle73
    and suit only Oracle8

    ORA-00922: missing or invalid option
    SQLWKS> create profile hello LIMIT
    2> PASSWORD_LIFE_TIME 30
    3> PASSWORD_REUSE_TIME 365
    4> PASSWORD_REUSE_MAX 100;
    PASSWORD_LIFE_TIME 30
    *
    ORA-02376: invalid or redundant resource

    I also tried listing the resources available:

    SQLWKS> select name from SYS.RESOURCE_MAP
    2>
    NAME
    --------------------------------
    COMPOSITE_LIMIT
    SESSIONS_PER_USER
    CPU_PER_SESSION
    CPU_PER_CALL
    LOGICAL_READS_PER_SESSION
    LOGICAL_READS_PER_CALL
    IDLE_TIME
    CONNECT_TIME
    PRIVATE_SGA
    9 rows selected.

    The password items are not present in this list when I think they should
    be. Is this an Oracle version issue?
    Do these password management items for Oracle8 have an equivalent in Oracle73?
    Can you help me out with these items?


    "Jeffrey Nuestro" <jnuestro@yahoo.com> wrote:
    >
    >dnagel,
    >
    >again thank you very much for the feedback.
    >
    >the two links you have provided, made available specific alternatives to
    >what I had initially in mind.
    >
    >I will try to make full use of the following items listed from orafaq.com
    >which speaks of managing passwords through profiles.
    >
    >PASSWORD_LIFE_TIME - limits the number of days the same password can be used
    >for authentication
    >PASSWORD_REUSE_TIME - number of days before a password can be reused
    >PASSWORD_REUSE_MAX - number of password changes required before the current
    >password can be reused
    >
    >I'll apprise you guys with the result of my tests.
    >
    >"dnagel" <GrandNagel@hotmail.com> wrote:
    >>As stated, I have a limited background with Oracle internals,
    >>but to my knowledge, there are no means for using their
    >>routines to 're-scramble' the password.
    >>
    >>have a look here...
    >>
    >>http://rr.sans.org/appsec/oracle.php
    >>
    >>this looked interesting too...
    >>
    >>http://www.orafaq.com/faqdbase.htm#INTERNAL
    >>
    >>"Jeffrey Nuestro" <jnuestro@yahoo.com> wrote in message
    >>news:3c570af6$1@10.1.10.29...
    >>>
    >>> dnagel,
    >>>
    >>> thanks for the feedback.
    >>>
    >>> yup the user enters the new password normally (in English). i need to apply
    >>> oracle's encryption routine to it in order to compare it with the stored
    >>> user password in oracle's system tables.
    >>>
    >>> "dnagel" <GrandNagel@hotmail.com> wrote:
    >>> >Not too experienced with encrypted passwords in Oracle...
    >>> >
    >>> >Are you saying that the user needs to enter an encrypted string
    >>> >or the user enters it normally and you are looking to compare
    >>> >the hashed password that Oracle stores in its system tables to your
    >>> >privately hashed password from the user's input?
    >>> >
    >>> >In the latter case, I would imagine you won't have much luck.
    >>> >
    >>> >I'm curious... D?
    >>> >
    >>> >
    >>> >"Jeffrey Nuestro" <jnuestro@yahoo.com> wrote in message
    >>> >news:3c5620b5$1@10.1.10.29...
    >>> >>
    >>> >> I have an application interfacing with Oracle 7.3
    >>> >>
    >>> >> I need to compare the new password, inputted using the application, to the
    >>> >> existing oracle user password which is encrypted.
    >>> >>
    >>> >> Is there an oracle encryption function which I can use to encrypt the new
    >>> >> password so I could compare it with the encrypted oracle user password?
    >>> >>
    >>> >
    >>> >
    >>>

    >>
    >>

    >



  5. #5
    Jeffrey Nuestro Guest

    Re: --> Re: Oracle73 Password Encryption Function


    I have already tried using the items listed in my previous posting for oracle's
    password management but it seems these items are not supported in Oracle73
    and suit only Oracle8

    The following items were captured from my Oracle Worksheet screen.

    ORA-00922: missing or invalid option
    SQLWKS> create profile hello LIMIT
    2> PASSWORD_LIFE_TIME 30
    3> PASSWORD_REUSE_TIME 365
    4> PASSWORD_REUSE_MAX 100;
    PASSWORD_LIFE_TIME 30
    *
    ORA-02376: invalid or redundant resource

    I also tried listing the resources available:

    SQLWKS> select name from SYS.RESOURCE_MAP
    2>
    NAME
    --------------------------------
    COMPOSITE_LIMIT
    SESSIONS_PER_USER
    CPU_PER_SESSION
    CPU_PER_CALL
    LOGICAL_READS_PER_SESSION
    LOGICAL_READS_PER_CALL
    IDLE_TIME
    CONNECT_TIME
    PRIVATE_SGA
    9 rows selected.

    The password items are not present in this list when I think they should
    be. Is this an Oracle version issue?
    Do these password management items for Oracle8 have an equivalent in Oracle73?
    Can you help me out with these items?


    "Jeffrey Nuestro" <jnuestro@yahoo.com> wrote:
    >
    >dnagel,
    >
    >again thank you very much for the feedback.
    >
    >the two links you have provided, made available specific alternatives to
    >what I had initially in mind.
    >
    >I will try to make full use of the following items listed from orafaq.com
    >which speaks of managing passwords through profiles.
    >
    >PASSWORD_LIFE_TIME - limits the number of days the same password can be used
    >for authentication
    >PASSWORD_REUSE_TIME - number of days before a password can be reused
    >PASSWORD_REUSE_MAX - number of password changes required before the current
    >password can be reused
    >
    >I'll apprise you guys with the result of my tests.
    >
    >"dnagel" <GrandNagel@hotmail.com> wrote:
    >>As stated, I have a limited background with Oracle internals,
    >>but to my knowledge, there are no means for using their
    >>routines to 're-scramble' the password.
    >>
    >>have a look here...
    >>
    >>http://rr.sans.org/appsec/oracle.php
    >>
    >>this looked interesting too...
    >>
    >>http://www.orafaq.com/faqdbase.htm#INTERNAL
    >>
    >>"Jeffrey Nuestro" <jnuestro@yahoo.com> wrote in message
    >>news:3c570af6$1@10.1.10.29...
    >>>
    >>> dnagel,
    >>>
    >>> thanks for the feedback.
    >>>
    >>> yup the user enters the new password normally (in English). i need to apply
    >>> oracle's encryption routine to it in order to compare it with the stored
    >>> user password in oracle's system tables.
    >>>
    >>> "dnagel" <GrandNagel@hotmail.com> wrote:
    >>> >Not too experienced with encrypted passwords in Oracle...
    >>> >
    >>> >Are you saying that the user needs to enter an encrypted string
    >>> >or the user enters it normally and you are looking to compare
    >>> >the hashed password that Oracle stores in its system tables to your
    >>> >privately hashed password from the user's input?
    >>> >
    >>> >In the latter case, I would imagine you won't have much luck.
    >>> >
    >>> >I'm curious... D?
    >>> >
    >>> >
    >>> >"Jeffrey Nuestro" <jnuestro@yahoo.com> wrote in message
    >>> >news:3c5620b5$1@10.1.10.29...
    >>> >>
    >>> >> I have an application interfacing with Oracle 7.3
    >>> >>
    >>> >> I need to compare the new password, inputted using the application, to the
    >>> >> existing oracle user password which is encrypted.
    >>> >>
    >>> >> Is there an oracle encryption function which I can use to encrypt the new
    >>> >> password so I could compare it with the encrypted oracle user password?
    >>> >>
    >>> >
    >>> >
    >>>

    >>
    >>

    >
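Posts #4 and #5 report that Oracle 7.3 rejects the PASSWORD_LIFE_TIME, PASSWORD_REUSE_TIME and PASSWORD_REUSE_MAX profile limits. The following is an added example, not part of the original thread and not Oracle's code, of enforcing those three limits in the application with its own salted password history instead of comparing against Oracle's stored hash. The class name, the PBKDF2 parameters, the in-memory history and the reading that both reuse limits must be met are assumptions.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta

ITERATIONS = 100_000  # assumed PBKDF2 work factor; tune for your hardware


class PasswordHistory:
    """Application-side stand-in for the three PASSWORD_* profile limits."""

    def __init__(self, life_days=30, reuse_days=365, reuse_max=100):
        self.life = timedelta(days=life_days)     # PASSWORD_LIFE_TIME
        self.reuse = timedelta(days=reuse_days)   # PASSWORD_REUSE_TIME
        self.reuse_max = reuse_max                # PASSWORD_REUSE_MAX
        self.entries = []  # (salt, digest, set_at), oldest first

    @staticmethod
    def _digest(password, salt):
        # Salted, slow hash: the history never holds plaintext passwords.
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                   salt, ITERATIONS)

    def is_expired(self, now):
        """True once the current password is older than the life time."""
        return bool(self.entries) and now - self.entries[-1][2] > self.life

    def reuse_allowed(self, candidate, now):
        """Assumption: both the day limit and the change count must be met."""
        newest_first = reversed(self.entries)
        for changes_since, (salt, digest, set_at) in enumerate(newest_first):
            if not hmac.compare_digest(self._digest(candidate, salt), digest):
                continue  # candidate differs from this historical password
            if changes_since < self.reuse_max or now - set_at < self.reuse:
                return False
        return True

    def change(self, candidate, now):
        """Record the new password if the policy allows it; report success."""
        if not self.reuse_allowed(candidate, now):
            return False
        salt = os.urandom(16)
        self.entries.append((salt, self._digest(candidate, salt), now))
        return True


if __name__ == "__main__":
    start = datetime(2002, 1, 1)  # constructed sample date and password
    history = PasswordHistory(reuse_max=2)
    history.change("first-Example1", start)
    print(history.change("first-Example1", start + timedelta(days=5)))
```

In a real deployment the history entries would be persisted per user in a table only the application account can read.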


