Reputation: 11
Retrieving Oracle Password_Verify_Function
I am an IS auditor and I would like to check how we can retrieve the PASSWORD_VERIFY_FUNCTION assigned to users. I understand the script utlpwdmg.sql can be executed to setup the default password resource limits.
If changes were made using ALTER PROFILE, the script utlpwdmg.sql will not show the latest settings.
Please let me know what SQL commands I can execute to show what is the PASSWORD_VERIFY_FUNCTION stored and used in the system.
Upvotes: 1
Views: 20082
Answers (2)
Reputation: 2161
You can use this query to see source code of stored proc:
--Source of all password functions.
select *
from dba_source
where owner = 'SYS'
and name in
(
--The name of all password functions in use.
--See DBA_USERS.PROFILE to determine which user is using which profile.
select limit
from dba_profiles
where resource_name = 'PASSWORD_VERIFY_FUNCTION'
--Yes, this is intentionally the string 'NULL', that's what Oracle uses here.
and limit <> 'NULL'
)
order by name, line;
Upvotes: 2
Reputation: 1
To find out what users are using PASSWORD_VERIFY_FUNCTION, you need to find out which profiles are using the function and then see which users are assigned that profile.
select profile from dba_profiles where limit = 'PASSWORD_VERIFY_FUNCTION'; select username from dba_users where profile = ;
Upvotes: -1
Related Questions
- Forgot Oracle username and password, how to retrieve?
- Recover System Password Oracle XE
- How to retrieve body of "verify_function" Oracle 11g
- Retrieving password from an oracle package
- My secret password in oracle won't output
- Oracle password verify function default
- How to verify a specific user password in oracle 6i?
- password verify function error ora - 06503
- password_verify_function in oracle 12c
- How to write sql statement to restore 11g oracle database user's password