Database Reference
In-Depth Information
The following environment variables are used to point to the JDBC classes, so you will need to set local
equivalents to these variables to enable your code to work.
[oracle@orlin java]$ echo $CLASSPATH
/usr/lib/oracle/11.1/client64/lib/:/usr/lib/oracle/11.1/client64/lib/ojdbc6.jar:.
[oracle@orlin java]$ echo $LD_LIBRARY_PATH
/usr/lib/oracle/11.1/client64/lib
[oracle@orlin java]$ echo $JAVA_HOME
/usr/java/jdk1.6.0_29
What follows is a demonstration of the classes' successful usage:
[oracle@orlin java]$ javac EncEPV.java
[oracle@orlin java]$ java EncEPV
Password Changed
**/
Perl Pre-Hash Generation
Alternatively, Perl can be used to generate an Oracle password hash, which can be used to execute a remote
ALTER
USER IDENTIFIED BY VALUES '[HASH]'
command, thus avoiding sending the plaintext password over the network.
This is useful if the Oracle client being used does not support encryption. The following code implements the 10g
Oracle password algorithm, which is still commonly found and used, to generate the one-way password hash.
#!/usr/bin/perl
# ora_pwhash_gen.pl - A simple oracle 10g password hash generator
use Crypt::CBC;
my @input = ([$ARGV[0],$ARGV[1]]);
for my $input (@input)
{
my ($user_name, $password) = @{$input};
if ($user_name eq "") {
print <<_EOF_;
usage: ora_pwhash_gen.pl <Oracle user_name> <Oracle10gPassword>
./ora_pwhash_gen.pl scott tiger
scott F894844C34402B67
_EOF_
exit(0);
}
my $hash = &ora_hasher($user_name, $password);
printf "%s %s\n", $user_name, $hash;
}
sub ora_hasher
{
my ($user_name, $password) = @_;
my $user_pass = pack('n*', unpack('C*', uc($user_name.$password)));
$user_pass .= pack('C', 0) while (length($user_pass) % 8);
my $key = pack('H*', "0123456789ABCDEF");
