Home > Ask the Oracle Experts > Questions & Answers
Ask The Oracle Expert: Questions & Answers
EMAIL THIS

Using ALTER USER for changing passwords

Brian Peasland EXPERT RESPONSE FROM: Brian Peasland

Pose a Question
Other Oracle Categories
Meet all Oracle Experts
Become an Expert for this site
>
QUESTION POSED ON: 26 March 2004
We are looking at implementing password profiles on our database users and attaching a password verification function. I read where ALTER USER does not fully support password verification functions. In what way? I would hate to not be able to use ALTER USER for changing passwords.

>
EXPERT RESPONSE
Oracle Corp. has stated that the only approved methods of changing a password with a password verification function are through the SQL*Plus password command and through the OCIPasswordChange call. If a normal user uses the ALTER USER command and they have a password verification function, then they will receive an error, even if the password passes the verification function. If a DBA user issues the ALTER USER command, then the password verification function is bypassed. This was very frustrating because only SQL*Plus and OCI applications could use the password verfication function. Even Oracle's own products, like Oracle Forms could not have a user change the password if a password verification function was employed.

It took quite some time, but Oracle finally classified this as a bug, Bug #1231172. The Oracle 8.1.7.4 patchset, and Oracle 9.2.0.1 now have the capability to let the user issue a command as follows:

ALTER USER user IDENTIFIED BY 'newpassword' REPLACE 'oldpassword';

This command will let the user issue the ALTER USER command and still employ a password verification function.


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice

HomeNewsTopicsTipsAsk the ExpertsMultimediaWhite PapersProductsBlogs
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts