Toad World® Forums

Change Oracle password using a website

Currently we have an application in which under certain conditions you are not able to change the Oracle password due to limitations created by the developer of the application.

We are discussing with the developer to change that, but that will take some time, because we are on an older version and don’t want to upgrade on this moment.

My question is now, has someone ever created a website/webservice, so that users can change their password?

In a word, no. But I’m puzzled as to what the developer did and if that prevents the oracle password from being changed, how will a Web system be able to change it?

I think the user might have a profile with a password verification function, or, there’s a profile parameter that prevents password changes soon after the previous one (I’d check to see that I’m not getting confused with Unix but I’m on day 2 of a new contract and I have no account set up yet!).

Anyway I suspect you might get around this by creating a new profile with appropriate settings, altering the user that needs the password change to have this as the profile, change the password, then set the profile back again.

Based purely on what I have understood from your email. Apologies if I’m off base.

I’m puzzled though. The application prevents you changing the oracle password? Is this an application user’s password as opposed to a genuine oracle database account’s password. I don’t see how an application can prevent you changing a database user’s password with ALTER USER X IDENTIFIED BY NEWPASSWORD.

Cheers,

Norm [ TeamT ].

Sent from my Android device with K-9 Mail. Please excuse my brevity.

Hi Norm,

This application has an option in which you can use LDAP so that the application authenticates against the windows password for the user. But the users who don’t have a windows account in our Active Directory can still enter the application with their Oracle account and password. So far so good for the users in the other active directory who wants to login in the application.

But due to an oversight of the developers, if you activate LDAP you cannot change your password anymore for Oracle. The functions for that in the application are disabled. And we don’t want to go back to the non LDAP situation, because one password for almost all applications is a good thing (there is profile on the Windows environment about changing passwords and such).

I can change the passwords for the users as Administrator, but that is not doable for obvious reasons.

So I thought, if we build an website who has an Oracle connection, then you can write functions to change the password, while authenticating the old password and such for the users that could not use windows-authenticating.

From: Norm [TeamT] [mailto:bounce-NormTeamT@toadworld.com]

Sent: Tuesday, 5 April, 2016 15:54

To: oracle@toadworld.com

Subject: RE: [Toad World - Oracle Discussion Forum] Change Oracle password using a website.

RE: Change Oracle password using a website.

Reply by Norm [TeamT]

In a word, no. But I’m puzzled as to what the developer did and if that prevents the oracle password from being changed, how will a Web system be able to change it?

I think the user might have a profile with a password verification function, or, there’s a profile parameter that prevents password changes soon after the previous one (I’d check to see that I’m not getting confused with Unix but I’m on day 2 of a new contract and I have no account set up yet!).

Anyway I suspect you might get around this by creating a new profile with appropriate settings, altering the user that needs the password change to have this as the profile, change the password, then set the profile back again.

Based purely on what I have understood from your email. Apologies if I’m off base.

I’m puzzled though. The application prevents you changing the oracle password? Is this an application user’s password as opposed to a genuine oracle database account’s password. I don’t see how an application can prevent you changing a database user’s password with ALTER USER X IDENTIFIED BY NEWPASSWORD.

Cheers,

Norm [ TeamT ].

Sent from my Android device with K-9 Mail. Please excuse my brevity.

To reply, please reply-all to this email.

Stop receiving emails on this subject.

Or Unsubscribe from Oracle notifications altogether.

Toad World - Oracle Discussion Forum

Flag
this post as spam/abuse.

Wim de Lange

Senior IT expert

ALcontrol Laboratories

Steenhouwerstraat 15

3194 AG Rotterdam NL

Tel +31 10 23 14 724 • Mobile +31 65 15 34 387

Fax +31 10 41 63 034

e-mail W.deLange@alcontrol.nl •
www.alcontrol.com

  • The information in this e-mail is confidential and may also be legally privileged.The contents are intended for recipient only and are subject to the legal notice available at: www.alcontrol.nl. Registered Office:Alcontrol BV, Steenhouwerstraat 15, 3194 AG Rotterdam.*

In addition to my previous answer. The client application does not login to the database itself. It has no database connection at all. It communicates with an application server who has database access (off course) and it can execute oracle statement as other users (not sure how that is called). In this way security is working. Very complex but it is working.

From: Norm [TeamT] [mailto:bounce-NormTeamT@toadworld.com]

Sent: Tuesday, 5 April, 2016 15:54

To: oracle@toadworld.com

Subject: RE: [Toad World - Oracle Discussion Forum] Change Oracle password using a website.

RE: Change Oracle password using a website.

Reply by Norm [TeamT]

In a word, no. But I’m puzzled as to what the developer did and if that prevents the oracle password from being changed, how will a Web system be able to change it?

I think the user might have a profile with a password verification function, or, there’s a profile parameter that prevents password changes soon after the previous one (I’d check to see that I’m not getting confused with Unix but I’m on day 2 of a new contract and I have no account set up yet!).

Anyway I suspect you might get around this by creating a new profile with appropriate settings, altering the user that needs the password change to have this as the profile, change the password, then set the profile back again.

Based purely on what I have understood from your email. Apologies if I’m off base.

I’m puzzled though. The application prevents you changing the oracle password? Is this an application user’s password as opposed to a genuine oracle database account’s password. I don’t see how an application can prevent you changing a database user’s password with ALTER USER X IDENTIFIED BY NEWPASSWORD.

Cheers,

Norm [ TeamT ].

Sent from my Android device with K-9 Mail. Please excuse my brevity.

To reply, please reply-all to this email.

Stop receiving emails on this subject.

Or Unsubscribe from Oracle notifications altogether.

Toad World - Oracle Discussion Forum

Flag
this post as spam/abuse.

Wim de Lange

Senior IT expert

ALcontrol Laboratories

Steenhouwerstraat 15

3194 AG Rotterdam NL

Tel +31 10 23 14 724 • Mobile +31 65 15 34 387

Fax +31 10 41 63 034

e-mail W.deLange@alcontrol.nl •
www.alcontrol.com

  • The information in this e-mail is confidential and may also be legally privileged.The contents are intended for recipient only and are subject to the legal notice available at: www.alcontrol.nl. Registered Office:Alcontrol BV, Steenhouwerstraat 15, 3194 AG Rotterdam.*

Ok. Thanks. I understand better.

You could set up a reasonably simple PHP application to do this I suspect. If it’s just to change the oracle password for the non LDAP users be aware that you can’t obtain the current password to check. Unless you read my blog article on the matter! qdosmsq.dunbar-it.co.uk/blog/2013/11/so-how-do-you-change-a-users-password/ which attempts to explain things.

Good luck

Cheers,

Norm [ TeamT ].

Sent from my Android device with K-9 Mail. Please excuse my brevity.