the password is not longer displayed in dba_users.password in 11g

By reading Pete Finnigan’s Oracle security weblog today, I discovered that the password is no longer displayed in DBA_USERS in 11g.


select username,password 
from dba_users 
where username='SCOTT';
USERNAME PASSWORD
-------- ------------------------------
SCOTT

select name,password 
from sys.user$ 
where name='SCOTT';
NAME  PASSWORD
----- ------------------------------
SCOTT F894844C34402B67

on the one hand, it is good for the security.

On the other hand, it is a huge change which is not documented (I immediately sent comments to the Security and Reference book authors) and it will make a lot of script failing (scripts that use to change the password to log in and change it back to the original value afterwards).

Protecting the hash is extremely important, check your scripts for 11g compatibility!

11 thoughts on “the password is not longer displayed in dba_users.password in 11g”

  1. Pingback: the password is not longer displayed in dba_users.password in 11gLaurent Schneider | سعد الهويمل
  2. Oracle changed their own code
    set long 9999
    SELECT DBMS_METADATA.get_ddl (‘USER’, ‘SCOTT’)
    FROM DUAL;

  3. Pingback: Javier Andrés Pérez Díaz » Columna password de DBA_USERS en 11G
  4. So, Can I do the old
    alter user my_user identified by values ‘hash value’;

    using the hash value provided in the spare4 column ?

    Thanks

Leave a Reply

Your email address will not be published.


*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>