Friday, November 22, 2013

How to retrieve the hash value for a password in Oracle 11g

As we all know, Oracle has decided to do not show the hash value for the password on the dba_users view.

The problem:
Saving your passwords to a file as below does not work anymore:


SELECT 'ALTER USER ' || username || ' identified by values '''|| password || ''';' FROM dba_users;


This is necessary, in our case, for releases, DEV/QA refreshes, etc…

The solution:
I first wrote the following query:


MYUSER@mydb> SELECT substr (trim(DBMS_METADATA.get_ddl ('USER','MYUSER')),
2 REGEXP_INSTR(trim(DBMS_METADATA.get_ddl ('USER','MYUSER')),'''',1,1,0,'m'), 20
3 ) PASSWD
4 FROM DUAL;
PASSWD
--------------------------------------------------------------------------------
'2YYYYY4DXXXXXX'


Note.- The hash value has been modified for security reasons.
I was working under the assumption Oracle will not change the algorithm any time soon (currently the length is 16 characters); but I also found “dangerous” to make this assumption.
So my next query is:

select REGEXP_SUBSTR(DBMS_METADATA.get_ddl ('USER','MYUSER'), '''[^'']+''') PASSWD from dual;

which I find more elegant.

MYUSER@MYDB> select REGEXP_SUBSTR(DBMS_METADATA.get_ddl ('USER','MYUSER'), '''[^'']+''') PASSWD from dual;
PASSWD
--------------------------------------------------------------------------------
'XXXXX4YYYYYZZZZZZ'
The code we need to use from now on is:

select 'alter user '||username||' identified by values '||REGEXP_SUBSTR(DBMS_METADATA.get_ddl ('USER',USERNAME), '''[^'']+''')||';' from dba_users

No comments:

Post a Comment