Ask the Expert

Using ALTER USER for changing passwords

We are looking at implementing password profiles on our database users and attaching a password verification function. I read where ALTER USER does not fully support password verification functions. In what way? I would hate to not be able to use ALTER USER for changing passwords.


Oracle Corp. has stated that the only approved methods of changing a password with a password verification function are through the SQL*Plus password command and through the OCIPasswordChange call. If a normal user uses the ALTER USER command and they have a password verification function, then they will receive an error, even if the password passes the verification function. If a DBA user issues the ALTER USER command, then the password verification function is bypassed. This was very frustrating because only SQL*Plus and OCI applications could use the password verification function. Even Oracle's own products, like Oracle Forms, could not have a user change the password if a password verification function was employed.

It took quite some time, but Oracle finally classified this as a bug, Bug #1231172. The Oracle 8.1.7.4 patchset, and Oracle 9.2.0.1 now have the capability to let the user issue a command as follows:

ALTER USER user IDENTIFIED BY "newpassword" REPLACE "oldpassword";

This command will let the user issue the ALTER USER command and still employ a password verification function.

This was first published in March 2004
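
An added example (not from the original answer and not Oracle's own code): a small verification function attached through a profile, followed by the REPLACE form a non-DBA user would issue. The names demo_verify_fn, demo_pw_profile and demo_user, the policy rules and both passwords are constructed for illustration; the function is assumed to be created in the SYS schema and demo_user is assumed to exist.

```sql
-- Added example. Run the first three statements as SYS.
-- All object names and policy rules here are hypothetical.
CREATE OR REPLACE FUNCTION demo_verify_fn (
    username     VARCHAR2,
    password     VARCHAR2,
    old_password VARCHAR2
) RETURN BOOLEAN IS
BEGIN
    -- Illustrative minimum length
    IF LENGTH(password) < 12 THEN
        raise_application_error(-20001, 'Password must be at least 12 characters');
    END IF;

    -- Reject a password equal to the account name (case-insensitive)
    IF UPPER(password) = UPPER(username) THEN
        raise_application_error(-20002, 'Password must not match the user name');
    END IF;

    -- Compare against the old password only when one was supplied
    IF old_password IS NOT NULL AND password = old_password THEN
        raise_application_error(-20003, 'New password must differ from the old one');
    END IF;

    RETURN TRUE;
END;
/

-- Attach the function to a profile, then the profile to the user
CREATE PROFILE demo_pw_profile LIMIT
    PASSWORD_VERIFY_FUNCTION demo_verify_fn;

ALTER USER demo_user PROFILE demo_pw_profile;

-- Connected as demo_user: the REPLACE clause supplies the old password,
-- so the change is checked by demo_verify_fn (constructed passwords)
ALTER USER demo_user IDENTIFIED BY "N3w-Constructed-Pw" REPLACE "Old-Constructed-Pw";
```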
