RE: Question re inserting hashed strings (I think)

  • From: "Bobak, Mark" <Mark.Bobak@xxxxxxxxxxxx>
  • To: "wjwagman@xxxxxxxxxxx" <wjwagman@xxxxxxxxxxx>, Jared Still <jkstill@xxxxxxxxx>
  • Date: Fri, 24 Apr 2009 18:35:13 -0400

Hi Bill,

If you suspect non-printable characters, try:
select dump(hashed_value) from table;

You'll the length of the string and the value of each character, including 
non-printable characters.

-Mark
________________________________________
From: oracle-l-bounce@xxxxxxxxxxxxx [oracle-l-bounce@xxxxxxxxxxxxx] On Behalf 
Of William Wagman [wjwagman@xxxxxxxxxxx]
Sent: Friday, April 24, 2009 18:02
To: Jared Still
Cc: Oracle-L Freelists
Subject: RE: Question re inserting hashed strings (I think)

Hi Jared,

Moving things won’t cause the app to break, it is merely necessary to change a 
password from within the application when the users password is changed at the 
database level as the user’s password (only the application manager account by 
the way) it must also be changed through the application. That is known. So for 
example if I do the following…

SQL> alter user <user-in-question> identified by newpassword;

Then I must also go into the management section of the application and change 
the password there as well. This password string is then hashed (I’m pretty 
sure) and then stored in the password field in the aforementioned table. I can 
see the string if I select the password  field from that table but I can’t 
stuff it back into the column successfully. I have found the code which is 
updating that field, it does something like…

Update <table> set password = :some-bind-variable;

Where the bind variable has already been hashed. I know what the string looks 
like, I see it when I do a select, but I suspect the string contains 
non-printing characters which is why I can’t get it.

I’m probably not doing a very good job of explaining this but if you have any 
further thoughts I’d appreciate hearing them.

Thanks.

Bill Wagman
Univ. of California at Davis
IET Campus Data Center
wjwagman@xxxxxxxxxxx
(530) 754-6208
From: Jared Still [mailto:jkstill@xxxxxxxxx]
Sent: Friday, April 24, 2009 2:49 PM
To: William Wagman
Cc: Oracle-L Freelists
Subject: Re: Question re inserting hashed strings (I think)

On Fri, Apr 24, 2009 at 11:48 AM, William Wagman 
<wjwagman@xxxxxxxxxxx<mailto:wjwagman@xxxxxxxxxxx>> wrote:
The update is accepted but it is apparently not the correct string as users are 
unable to connect and I must then go in through the application and update the 
password. I don't know how the application hashes the password.

Do you have any idea what function is being used to generate the hash?

Could be an environmentally dependent value is being used as part of the
string to generate the hash.

If so, it might be a good idea to ask them to rethink that process, as
moving the database to a new server ( or some dependency - IP? )
causes the app to break.


Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist


--
//www.freelists.org/webpage/oracle-l


Other related posts: