As a DBA it is often useful to change a user’s database password for testing, but what if you don’t know the user’s original password so you can change it back when you’re done?

There is no easy way to decipher the encrypted password, but you can view it. What you can do is copy the user’s encrypted password, change the password to a known value for testing with the normal alter user command, then replace the original password with a special alter user command.

In my case I am actually using this to synchronize passwords between two databases to assure database links work properly. This will only work if the usernames are identical.

Here is an example of how I am using this technique to synchronize passwords:

First we want to set up a user with a known password

In the original database:

SYS:TEST> alter user jemmons identified by copyme;

User altered.

SYS:TEST> select username, password from dba_users where username='JEMMONS';

USERNAME PASSWORD
------------------------------ ------------------------------
JEMMONS EAEC44107194EBC6

Now we connect up to the database we want to clone the password to. Note the first attempt to connect as jemmons fails as that is not the assigned password.

In the database you want to copy the password to:

nolog> conn jemmons/copyme;
ERROR:
ORA-01017: invalid username/password; logon denied

nolog> conn / as sysdba
Connected.
nolog> alter user jemmons identified by values 'EAEC44107194EBC6';

User altered.

Elapsed: 00:00:00.01
nolog> conn jemmons/copyme;
Connected.

Now we see that this only works if the usernames are identical. This is because the hashed password is based on a combination of the password provided and the username.


nolog> conn / as sysdba
Connected.
nolog> alter user ken identified by values 'EAEC44107194EBC6';

User altered.

nolog> conn ken/copyme;
ERROR:
ORA-01017: invalid username/password; logon denied

Warning: You are no longer connected to ORACLE.

If you want to know more on this, check out article from red-database-security.com

Note: This was done on a 9i database. This may or may not work across versions.

Technorati tags: , , , ,

Originally written in 1990, the Optimal Flexible Architecture (OFA) whitepaper still stands as the best-practices for oracle databases. In my time as an Oracle database administrator I have often seen DBAs using these standards, having learned them from senior DBAs, who did not realize the OFA standard exists.

Cary V. Millsap of Oracle Corp. offers this description in this distribution of the whitepaper:

The OFA Standard is a set of configuration guidelines that will give you faster, more reliable Oracle databases that require less work to maintain. The OFA Standard is written by the founder of the Oracle team responsible for installing, tuning, and upgrading several hundreds of sites worldwide since 1990—this paper is based on the best practices of those hundreds of sites. Today the “Optimal Flexible Architecture’’ described in the OFA Standard is built into the Oracle configuration tools and documentation on all open systems ports.

The benifits of the OFA standard go beyond performance and stability. When I started at Plymouth State University 18 months ago I quickly recognized the signs of an OFA environment (mostly partitions named /u01 and /u02.) Having identified that, I immediately knew where to find nearly all data and configuration files.

The guidelines that OFA provides can be easily adapted to other modern multi-user applications including web servers, application servers and other breeds of database. I offer the OFA whitepaper here as I have found it increasingly difficult to find on the web.

The OFA Standard-Oracle for Open Systems

oracle, sql, dba, database administration, database development, database security, database, oracle security

Google is a great (arguably the best) resource for keyword searching on the internet, but many folks don’t realize what else Google is capable of.

Here is a short list of things I use Google for, beyond just searching.

Track packages – Enter a package tracking number for any carrier (I’ve tried UPS, FedEX and USPS) and Google will give you a link to track the package. It’s usually easier and quicker than using the carrier’s page.

Movie show times – Type “movie:” and your zip code or city/state and get a listing of local movie theatres, movies and show times.

Phone number to name and address – Type in a listed phone number and get a name and address of the owner of the number. This is great for finding the address of businesses.

Get a map for a city – Type in a US zip code or city, state and get a link to the map for that zip code.

Define a word – Type “define: ” in the search box followed by a word you want defined and get a definition of that word.

Do math – Google is capable of most mathematic functions. Just type the math you want to do right in the search box and hit search. The result will be at the top of the list. You could write a chapter on just this feature, but most of the functions are defined on this help page.

Convert to and from roman numerals – Enter a search like “28 in roman numerals” or “MCMLXVI in decimal” and get a quick conversion. You will need to put the roman numeral in all capial letters.

Measurement unit converter – Convert measurements of anything from cooking ingredients to rotational force just by typing a search like “2 cups in tablespoons”

Currency converter – Similar to the measurement converter, just type something like “32 US Dollars in British Pounds” and get a quick currency conversion.

So you can see that Google wants to be much more to us than just a search engine. Learn more on this Google help page or try some of the tricks through the search box below. Enjoy!



Google

Technorati tags: , , , , ,

Below are some of my favorite Oracle related web resources. Most have information on databases and Oracle Application Server. There are, of course, countless sites out there on the topic. These are just a few of the ones I prefer.

tahiti.oracle.com – This quick URL gives you direct access to the current Oracle documentation (with a free OTN account.) It’s a good quick back-door way into the oracle docs.

asktom.oracle.com – I don’t know the whole story on this guy, but he seems to work for (or closely with) Oracle answering user submitted questions. There are thousands of questions and answers on all things Oracle.

otn.oracle.com – Oracle’s Technology Network is the official source for tech news from Oracle. It is to the techies what www.oracle.com is to the business folks.

orafaq.com – More Oracle question and answer listings. Also a very useful and comprehensive glossary.

rittman.net – Mark Rittman’s Oracle Weblog is a fantastic resource with a focus on data warehousing and business intelligence. One of the best sites by an individual.

Technorati tags: , , , ,

In fall of 2004, Zach Tirrell and I developed these steps to lend consistency to the evaluation of products to met the technological needs of our constituents.

In building this, our main concerns were that all potential users and stakeholders were identified and involved before product choices were discussed, that open source and homegrown applications be considered alongside commercial solutions, and that all peripheral costs (support, upgrades, hardware, training) be considered as part of the price of implementation.

Sadly this did not gain widespread adoption in our department. Despite that, some of us have followed these steps and found the process useful.

In the future I may elaborate on these steps; however I consider most of them self-explanatory. Please feel free to post comments if you have any questions about these steps.

10 Steps to a better product choice

The following steps are designed to be used in conjunction with normal project management procedures to ensure due process is given when considering technical solutions.

  1. Determine initial user base and stakeholders
  2. Determine requirements and dependencies (desired features, architecture, budget, etc.)
  3. Re-evaluate user base and stakeholders
  4. Repeat step 2 for new user base and stakeholders if necessary
  5. Identify 3 or more potential solutions. Consideration should be given to what products are used in other similar institutions. Commercial, open source, and homegrown solutions should all be considered
  6. Compare the delivered features of each potential solution against the defined requirements and dependencies and list any additional benefits
  7. Estimate the implementation costs and timeline for each potential solution. Estimate ongoing costs including licensing, server upgrades, IT support, helpdesk, product upgrades, patches, etc.
  8. Compile report including return on investment, costs, requirement/dependency fulfillment, and features
  9. Choose the solution which best fits the requirements and dependencies
  10. Implement the new product

project management, technology, software, software evaluation, product development, management

« Previous PageNext Page »