Using ALTER USER for changing passwords

We are looking at implementing password profiles on our database users and attaching a password verification function....

I read where ALTER USER does not fully support password verification functions. In what way? I would hate to not be able to use ALTER USER for changing passwords. Oracle Corp. has stated that the only approved methods of changing a password with a password verification function are through the SQL*Plus password command and through the OCIPasswordChange call. If a normal user uses the ALTER USER command and they have a password verification function, then they will receive an error, even if the password passes the verification function. If a DBA user issues the ALTER USER command, then the password verification function is bypassed. This was very frustrating because only SQL*Plus and OCI applications could use the password verfication function. Even Oracle's own products, like Oracle Forms could not have a user change the password if a password verification function was employed.

It took quite some time, but Oracle finally classified this as a bug, Bug #1231172. The Oracle patchset, and Oracle now have the capability to let the user issue a command as follows:

ALTER USER user IDENTIFIED BY 'newpassword' REPLACE 'oldpassword';

This command will let the user issue the ALTER USER command and still employ a password verification function.

This was first published in March 2004

Dig Deeper on Oracle database design and architecture

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: