Wednesday, December 9, 2009

How Can a DBA switch to another database user without a password?

Users normally use the "CONNECT" statement to connect from one database user to another. However, DBAs can switch from one user to another without a password. Of course it is not advisable to bridge Oracle's security.

Say for example we are connecting with Scott user without knowing the password, after complete the task we have to restore the password of Scott.
[oracle@vasdbsrv ~]$ sqlplus /nolog
SQL*Plus: Release 10.2.0.1.0 - Production on Wed Dec 9 13:07:58 2009
Copyright (c) 1982, 2005, Oracle.  All rights reserved.
SQL> CONNECT / as sysdba
Connected.
SQL> SELECT password FROM dba_users WHERE  username='SCOTT';
PASSWORD
------------------------------
F894844C34402B67
SQL> ALTER USER scott IDENTIFIED BY tamimdba;
User altered.

SQL> CONNECT scott/tamimdba
Connected.

SQL> select * from emp;
[You will get data of scott user]

OK, we're in. Let's quickly change the password back before anybody notices.
SQL> ALTER USER scott IDENTIFIED BY VALUES 'F894844C34402B67';
User altered.

SQL> conn scott/tiger
Connected.


Posted by at
Labels: ,

1 comment:

  1. PrabalDecember 9, 2009 at 5:02 AM

    Nice topics...........
    Really interesting
    :)

    ReplyDelete

Subscribe to: Post Comments (Atom)