Home » RDBMS Server » Security » How to identify source of password changes (Oracle 10, Solaris SPARC)
How to identify source of password changes [message #337675] Thu, 31 July 2008 10:45 Go to next message
lvirden
Messages: 6
Registered: August 2007
Location: Ohio
Junior Member

I have a situation where we have a vendor product installed on one of our machines. It stores data in oracle tables. Each project that is managed has its own oracle login, and its own oracle tables.

We have had, in the past 5 months or so, several cases where suddenly the password for one of these project oracle login changes. The humans responsible for the product each have indicated they did nothing that would change the password. The vendor reports their product has no capability to change an oracle password - the administrator must do that kind of operation manually, then update the vendor product's record of the password for the project.

So we either have a program that is running in the environment changing the password, a table containing the password that has data corruption, or an unknown person changing passwords.

So in an ideal world, I would be able to accomplish two things.
1. Identify what is causing the password changes.
2. Stop that from happening.

To accomplish 1. would seem to require me to convince oracle to tell me details about the password change itself - who requested it, when, information about the connection (from what PC or server, etc.).

To accomplish 2. would either require me to complete 1 and then take some technical or administrative action (stop the program or user from changing the password) OR require me to configure the oracle login in some manner to make changing of the password take more effort than currently is the case.

I am wondering whether anyone reading this forum has some ideas on how to accomplish either of these tasks.

Thank you for your time.
Re: How to identify source of password changes [message #337676 is a reply to message #337675] Thu, 31 July 2008 10:55 Go to previous messageGo to next message
BlackSwan
Messages: 26766
Registered: January 2009
Location: SoCal
Senior Member
http://www.orafaq.com/forum/t/88153/0/
Please read & follow posting guidelines as stated in URL above

Is this enough of a clue for you?

SQL> desc user_history$
 Name                                      Null?    Type
 ----------------------------------------- -------- ----------------------------
 USER#                                     NOT NULL NUMBER
 PASSWORD                                           VARCHAR2(30)
 PASSWORD_DATE                                      DATE
Re: How to identify source of password changes [message #337677 is a reply to message #337675] Thu, 31 July 2008 10:57 Go to previous messageGo to next message
Mahesh Rajendran
Messages: 10707
Registered: March 2002
Location: oracleDocoVille
Senior Member
Account Moderator
For the second question,
use a password verify function.
something like this. With newer versions, there are better options

http://www.orafaq.com/forum/m/58066/42800/?srch=password_verify_function#msg_58066
Re: How to identify source of password changes [message #337678 is a reply to message #337675] Thu, 31 July 2008 11:04 Go to previous message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
You can also use a database trigger to prevent from password change and logging who is trying to do it.

Regards
Michel
Previous Topic: Import Fails with error missing or invalid privilege
Next Topic: How to check the privileges given to user
Goto Forum:
  


Current Time: Thu Mar 28 15:02:38 CDT 2024