Let say i have a password name T#mp
I want to change it to Hello
but if i use this following query with my user it wont compile as my old password contain #-signs
alter user MYUSER identified by Hello replace T#mp
I am using TOAD
I am changing my password to normal character because, #-signs also creating problem in SQL loader
sqlldr myuser/T#mp#prodcms control=loading.ctl
As #Wernfried Domscheit has shown, you have to enclose the old password in double quotes as shown below.
SQL> alter user sales_hr identified by password replace p#assword;
alter user sales_hr identified by password replace p#assword
*
ERROR at line 1:
ORA-00922: missing or invalid option
SQL> alter user sales_hr identified by password replace "p#ssword";
User altered.
Related
I'm creating a new report (*.rdl), and there I want to add username who runs the script (insert).
I've tried on VS2008 through "built-in-fields" function which is "User ID", but it didn't work:
CREATE TABLE #Some_Table
(
Plan_date date null,
Plan_customer int null,
creator_id nvarchar(55) null
)
INSERT INTO Some_Table
(
[Plan_date] ,
[Plan_customer],
[creator_id]
)
SELECT
#p_plan_monthly,
#p_plan_clients,
#creator_id ="user id" --from built-in-fields
Expected result is: Column creator_id is filling with value of username from active directory who made insert through my report.
To reiterate my comment, as it's is incredibly important:
"You need to use a different account to access your data #whitefang. The sa account should never be used for something as mundane as a report. In truth it should never be used unless you really need sysadmin privileges, or you're doing something like recovering the server. You should have a service account that can do the respective tasks it needs to. If you can suffer injection through those reports, you're service is like an open book to whomever has access."
Now, onto your problem. I would add a further internal parameter on your report. Change the value of the parameter to have the default value of =User!UserID; this will be the ID of the user running the report (perhaps something like StackOverflow\Larnu).
Then map that report parameter to your dataset parameter #creator_id and change your INSERT statement to:
INSERT INTO Some_Table ([Plan_date],
[Plan_customer],
[creator_id])
VALUES (#p_plan_monthly, #p_plan_clients, #creator_id);
Q: "and there I want to add username who runs the script (insert)"
You can use these functions.
-- database user name
SELECT USER_NAME()
-- login identification name
SELECT SUSER_NAME()
Does Oracle 12 support having the old password required when changing a password to a specific user?
What I would like:
ALTER USER user_a IDENTIFIED BY secret123;
-- ERROR, missing old password
ALTER USER user_a IDENTIFIED BY secret456 REPLACE secret123;
-- OK
ALTER USER user_b IDENTIFIED BY secret789;
-- OK, since user_b does not require old password when changing it
Thanks!
Yes, this is supported since Oracle 9i, when a function was introduced that checks a new password for complexity and optionally for difference to the old password. As Oracle stores only hashes, not the passwords, it cannot compare old and new passwords unless the user supplies it during the change.
So, all users with a PROFILE where the PASSWORD_VERIFY_FUNCTION is set are required to have the old password, even if this function doesn't check any passwords:
CREATE OR REPLACE FUNCTION always_true (
username VARCHAR2,
password VARCHAR2,
old_password VARCHAR2) RETURN boolean IS
BEGIN
RETURN TRUE;
END always_true;
/
CREATE PROFILE always_true
LIMIT PASSWORD_VERIFY_FUNCTION always_true;
CREATE USER user_a IDENTIFIED BY secret123 PROFILE always_true;
GRANT CREATE SESSION to user_a;
Now user_a has to specify the old password:
ALTER USER user_a IDENTIFIED BY secret123;
ORA-28221: REPLACE not specified
ALTER USER user_a IDENTIFIED BY secret456 REPLACE secret123;
User altered.
A user with a profile without PASSWORD_VERIFY_FUNCTION or this parameter set to NULL doesn't have to specify the old password:
CREATE PROFILE without_function
LIMIT PASSWORD_VERIFY_FUNCTION NULL;
CREATE USER user_b IDENTIFIED BY secret123 PROFILE without_function;
GRANT CREATE SESSION to user_b;
Now user_b can change his/her password without having the old password:
ALTER USER user_b IDENTIFIED BY secret789;
User altered.
The second option is to have the privilege ALTER USER, but that is only for administrators, as they can change all the passwords of all account.
Oracle docu says
You can omit the REPLACE clause if you are setting your own password for the first time or you have the ALTER USER system privilege and you are changing another user's password. However, unless you have the ALTER USER system privilege, you must always specify the REPLACE clause if a password complexity verification function has been enabled ...
so the answer would be - add a password verification function to those users that should provide the old password (and revoke the password change system privilege from them).
I have a problem with renaming user name to new username (I would like it to be shorter).
Original syntax should be like this:
ALTER LOGIN Mary5 WITH NAME = John2;
But my user has name like this: domain/name.lastname and sql server is giving me error, trying to execute this:
ALTER LOGIN mydomain\fname.lstname WITH NAME = shortername
Error:
Incorrect syntax near '\'.
I've tried to put both names in single quotes, which drops another syntax error. How to rename that user?
Normally you would specify the user with brackets like below. But apparently you cannot remove the domain from a user once it's been created with one. You must delete and recreate the user.
ALTER LOGIN [mydomain\fname.lstname] WITH NAME = [shortername]
When specifying a different domain user you will receive the following error: "The name change cannot be performed because the SID of the new name does not match the old SID of the principal.". Further suggesting you cannot simply alter a login based on a domain user.
a couple of days ago I installed oracle 12c. I ran it after a days or two but I completely lost my Username, I do remember my password but not username. I there any way by which I can see what username I set
Assuming that you can login as SYS, you can use:
select *
from dba_users
This will give all the users, including the one you defined; here you find something more.
There is new procedure for generating password since Oracle 11g. You can use
create or replace function get_hash_11g(p_password varchar2, p_salt varchar2) return varchar2 is
lv_pwd_raw RAW(128);
lv_enc_raw RAW(2048);
BEGIN
lv_pwd_raw := utl_raw.cast_to_raw(p_password) || hextoraw(p_salt);
lv_enc_raw := sys.dbms_crypto.hash(lv_pwd_raw, 3);
return lv_enc_raw;
end get_hash_11g;
/
Then run select
select w.name from sys.user$ w
where substr(w.spare4, 3, 40) = get_hash_11g(/*your password*/'&pass', substr(spare4, 43, 20));
/
Set up the following environment variables. They are not necessary for the process itself, but will help you navigate. In this case my domain is called "ClassicDomain". Remember to change the value to match your domain.
export MW_HOME=/u01/app/oracle/middleware
export DOMAIN_HOME=$MW_HOME/user_projects/domains/ClassicDomain
Shut down the WebLogic domain.
$ $DOMAIN_HOME/bin/stopWebLogic.sh
Rename the data folder.
$ mv $DOMAIN_HOME/servers/AdminServer/data $DOMAIN_HOME/servers/AdminServer/data-old
Reset the password using the following command. Remember to substitute the appropriate username and password.
$ cd $DOMAIN_HOME/security
$ java weblogic.security.utils.AdminAccount <username> <password> .
If you are able to invoke sqlplus then follow this:
sqlplus:/ as sysdba - this is the command needed to login as sys.
password: - don't give any password. Just hit enter
SQL> select username from dba_users; - this command will give list of users in the database.
this is my sample access database:
ID--UserName--Password--AccountType
1---- A123 --1234 --User
2-----B123 --1345 --Admin
I am using VS2012. In my VB.net Project I have username textbox, a password textbox,
and login button.
I add my database using a wizard. I can add, modify, delete, and query, but how to check if the entered username in username text box exists in UserName column?
I filled up my dataset using:
Me.UsersTableAdapter.Fill(Me.WSDataSet.users)
and if I want to get the user type I am using:
Me.WSDataSet.users.FindByUserName(IDtxt.Text).AcountType
but the main problem if user not exists I get the error below:
An unhandled exception of type 'System.NullReferenceException' occurred in user login.exe Additional information: Object reference not set to an instance of an object.
How can I check if the username exists or not?
Try doing this.
Dim user = Me.WSDataSet.users.FindByUserName(IDtxt.Text)
If not user is nothing Then
'Do what you want with the user object
Else
'Message User does not exist.
End If
you just check if the user exists then do what you want with it.