7 Replies. Latest reply: Jul 20, 2012 8:27 AM by 948831

    Password

    919719
      Hello Friends,
      Somebody used this command to hack my password: ALTER USER user_name IDENTIFIED BY new_password; How can I solve this problem?
        • 1. Re: Password
          NikolayIvankin
          And what is the problem?
          • 2. Re: Password
            919719
            Hello Friend,
            Somebody used this command to change my database password: "ALTER USER user_name IDENTIFIED BY new_password;". Is there any command to inactivate this query? The result shows the password won't change.
            • 3. Re: Password
              NikolayIvankin
              I'm sorry, but I can't catch the idea.

              If you want to change the user's password back, then issue this command as the required user or as SYS/SYSTEM.
              If you want to track such commands, use AUDIT.
              If you want the system to reject such commands, use Database Firewall.
              • 4. Re: Password
                Harm Joris ten Napel-Oracle
                Hi

                Your description is arguably vague, but suppose your case is this:

                I left my sqlplus session open when going to lunch and lo and behold someone changed my password!

                Remedy: ask your DBA to assign a limit with a password_verify_function to your user profile; then
                the above will no longer work, and to change the password the old password must be supplied:

                ALTER USER user_name IDENTIFIED BY new_password REPLACE old_password;

                Hope this helps; otherwise provide a clearer problem description.

                Greetings,

                Harm

                Edited by: hnapel on Mar 5, 2012 5:37 AM
                • 5. Re: Password
                  813964
                  Only the SYS user can fire the command "ALTER USER user_name IDENTIFIED BY new_password;".

                  For this you should contact the DBA team, or you can request the DBA to change it to the old password.

                  FYI, you cannot prevent the SYS or a DBA user from executing this or changing your password.

                  I guess you got the idea...
                  • 6. Re: Password
                    kuljeet singh -
                    Only the DBA has the right to execute the statement.
                    • 7. Re: Password
                      948831
                      I am testing my new OTN credentials here .... so Hi :)

                      A user can issue ALTER USER for their own account, and a user with the ALTER USER system privilege can do the same for any account.

                      Note that ALTER USER is plaintext, so it is best to use "by values" or the encrypted SQL*Plus "password" command.

                      HTH
                      P
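
The remedies suggested in replies 3, 4 and 7, collected as an added example that was not posted by any participant in this thread: Oracle SQL a DBA could run to see who is able to change other accounts' passwords, audit those changes, and attach a profile with a password verify function. The profile name `secure_users` and the function name `my_verify_function` are hypothetical, and traditional auditing with the AUDIT_TRAIL parameter enabled is assumed.

```sql
-- 1. Direct grants of the ALTER USER system privilege.
--    Grantees may be users or roles (for example DBA).
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  privilege = 'ALTER USER'
ORDER  BY grantee;

-- 2. Accounts that receive ALTER USER through one of the roles found in step 1.
SELECT rp.grantee, rp.granted_role
FROM   dba_role_privs rp
WHERE  rp.granted_role IN (SELECT sp.grantee
                           FROM   dba_sys_privs sp
                           WHERE  sp.privilege = 'ALTER USER')
ORDER  BY rp.granted_role, rp.grantee;

-- 3. Track the statements, as reply 3 suggests. The USER statement option
--    covers CREATE USER, ALTER USER and DROP USER, including a user
--    changing their own password.
AUDIT USER BY ACCESS;

-- 4. Review who altered which account and from which host.
SELECT timestamp,
       username,               -- database account that issued the statement
       os_username,
       userhost,
       terminal,
       obj_name AS target_user, -- account that was altered
       returncode               -- 0 means the statement succeeded
FROM   dba_audit_trail
WHERE  action_name = 'ALTER USER'
ORDER  BY timestamp DESC;

-- 5. Profile with a password verify function, as reply 4 suggests.
--    my_verify_function is a hypothetical name and must already exist in SYS.
CREATE PROFILE secure_users LIMIT
  PASSWORD_VERIFY_FUNCTION my_verify_function;

ALTER USER user_name PROFILE secure_users;

-- With the profile in place, a user who lacks the ALTER USER privilege
-- has to supply the current password to change their own:
--   ALTER USER user_name IDENTIFIED BY new_password REPLACE old_password;
```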