Home » RDBMS Server » Security » Can I log in into a user account without knowing his password?
Can I log in into a user account without knowing his password? [message #210739] Fri, 22 December 2006 02:29 Go to next message
vijaykumarsudi
Messages: 9
Registered: September 2006
Location: hyderabad
Junior Member

Hi All,
I have a question please.Can i login into a users account without knowing his password.I can change the password and login,but i want to login without the users knowledge.Please help me out.

Thanks in advance
Vijay
Re: Can I log in into a user account without knowing his password? [message #210744 is a reply to message #210739] Fri, 22 December 2006 03:02 Go to previous messageGo to next message
Littlefoot
Messages: 21806
Registered: June 2005
Location: Croatia, Europe
Senior Member
Account Moderator
If you (or anyone else) was supposed to login that way, passwords wouldn't be needed at all and the whole security concept would fail.

Besides, why would you want to do that? Your intentions might be honest, but - sincerely - I doubt it.
Re: Can I log in into a user account without knowing his password? [message #210768 is a reply to message #210739] Fri, 22 December 2006 04:40 Go to previous message
Mahesh Rajendran
Messages: 10707
Registered: March 2002
Location: oracleDocoVille
Senior Member
Account Moderator
>> without the users knowledge
If you have a DBA account, you can ***almost*** do everything on the user (Unless the FGA is enabled).
Would this help?
-change the password of user
-login as user and do the stuff
-logout and reset the password to whatever it was before you changed it (and you no need to know what the actual password was).
But still, if the user logs in during this period, the authentication will be denied and user gets to know something is happening.

Else as LittleFoot kindly said, there is no other way.
--
-- Assume the user to be logged in as ANOTHER_SCOTT.
-- The DBA user is SCOTT

SCOTT > select username,password from dba_users where username='ANOTHER_SCOTT';

USERNAME                       PASSWORD
------------------------------ ------------------------------
ANOTHER_SCOTT                  96D42B57E14BB951

SCOTT > alter user another_scott identified by something;

User altered.

SCOTT > connect another_scott/something;
Connected.

ANOTHER_SCOTT > show user;
USER is "ANOTHER_SCOTT"


ANOTHER_SCOTT > connect scott/tiger;
Connected.
--
-- reset the password to whatever it was before. You still do not know the exact text password.
-- 
SCOTT > alter user another_scott identified by values '96D42B57E14BB951';

User altered.

SCOTT > select username,password from dba_users where username='ANOTHER_SCOTT';

USERNAME                       PASSWORD
------------------------------ ------------------------------
ANOTHER_SCOTT                  96D42B57E14BB951

--
-- Let us crosscheck it by passing the text password (as i happen to know it :)
--

SCOTT > connect another_scott/another_tiger;
Connected.
ANOTHER_SCOTT >

[Updated on: Fri, 22 December 2006 04:41]

Report message to a moderator

Previous Topic: Fine Grain Access Control
Next Topic: OS Authentication
Goto Forum:
  


Current Time: Thu Mar 28 15:57:50 CDT 2024