Can one switch to another database user without a password?
Users normally use the "CONNECT" statement to connect from one database user to another. However, DBAs can switch from one user to another without a password. Of course it is not advisable to bridge Oracle's security, but look at this example:
SQL> CONNECT / as sysdba
Connected.
SQL> SELECT password FROM dba_users WHERE username='SCOTT';
PASSWORD
--------------- ---------------
F894844C34402B67
SQL> ALTER USER scott IDENTIFIED BY anything;
User altered.
SQL> CONNECT scott/anything
Connected.
OK, we're in. Let's quickly change the password back before anybody notices.
SQL> ALTER USER scott IDENTIFIED BY VALUES 'F894844C34402B67';
User altered.
No comments:
Post a Comment