This content has been marked as final. Show 7 replies
And what is the problem?
Somebody use this command to change my database password."ALTER USER user_name IDENTIFIED BY new_password;". Is there any command to inactive this query. The result shows password won't change.
I'm sorry, but I can't catch an idea.
If you want to change users password back, then issue this command under required user or SYS/SYSTEM.
If you want to track such commands - use AUDIT
If you want system to reject such commands - use Database Firewall.
your description is arguably vague but suppose your case is this:
I left my sqlplus session open when going to lunch and lo and behold someone changed my password!
Remedy: ask your DBA to assign a limit with a password_verify_function to your user profile, then
the above will no longer work and to change the passsword the old password must be supplied:
ALTER USER user_name IDENTIFIED BY new_password REPLACE old_password;
hope this helps, otherwise provide a more clear problem description.
Edited by: hnapel on Mar 5, 2012 5:37 AM
only SYS user can fire the command ." ALTER USER user_name IDENTIFIED BY new_password; " .
for this you should contact DBA team . or you can request to DBA to change to the old password .
FYI you can not prevent sys or DBA user to execute or change you password .
i guess you got an idea . . .
only DBA has this right to execute the statement.
I am testing my new OTN credentials here .... so Hi :)
A user can issue ALTER USER for their own account.. and a user with ALTER USER system privilege can do the same for any account.
Note ALTER USER is plaintext so best using "by values" or the encrypted sql*plus "password" command.