the password is not longer displayed in dba_users.password in 11g
By reading Pete Finnigan’s Oracle security weblog today, I discovered that the password is no longer displayed in DBA_USERS in 11g.
select username,password
from dba_users
where username='SCOTT';
USERNAME PASSWORD
-------- ------------------------------
SCOTT
select name,password
from sys.user$
where name='SCOTT';
NAME PASSWORD
----- ------------------------------
SCOTT F894844C34402B67
on the one hand, it is good for the security.
On the other hand, it is a huge change which is not documented (I immediately sent comments to the Security and Reference book authors) and it will make a lot of script failing (scripts that use to change the password to log in and change it back to the original value afterwards).
Protecting the hash is extremely important, check your scripts for 11g compatibility!
August 27th, 2007 at 16:03
So no more “alter user my_user identified by values ‘hash value’;” ?
August 27th, 2007 at 16:17
password is still in SYS.USER$
October 6th, 2007 at 15:59
[…] المصدر […]
October 12th, 2007 at 00:28
Oracle changed their own code
set long 9999
SELECT DBMS_METADATA.get_ddl (’USER’, ‘SCOTT’)
FROM DUAL;
October 12th, 2007 at 08:51
true, if you use the new algorythm, the values is no longer the 10g hash value USER$.PASSWORD but it is the SHA string in SYS.USER$.SPARE4
January 8th, 2008 at 05:51
[…] Hago referencia a este articulo que es muy bueno sacado del sitio “http://laurentschneider.com” donde se explica que la columna PASSWORD de la DBA_USERS ya no es visible en 11G: select username,password from dba_users where username=’SCOTT’; USERNAME PASSWORD ——– —————————— SCOTT […]
March 12th, 2008 at 15:02
[…] I wrote about dba_users changes in 11g . […]