1. Get rid of all advertisements and get unlimited access to documents by upgrading to Premium Membership. Upgrade to Premium Now and also get a Premium Badge!

SYS and SYSTEM password

Discussion in 'SQL PL/SQL' started by anom217, Dec 14, 2010.

  1. anom217

    anom217 Guest

    During installation of my product I have some SQL scripts executed as the SYS user to make changes to an Oracle database. To execute the scripts, I need to get the password for the database from the user, who is queried for it in a dialog. The problem I run into is when authenticating the password as the SYS user, which necessitates AS SYSDBA, the password validation will always succeed because Windows authentication is enabled and the Windows user is part of the ora_dba group. So even if an incorrect password is entered, it will still work.

    I don't like this. I considered using SYSTEM to validate the password being entered, and then SYS to execute the scripts, but that won't work if SYSTEM and SYS have different passwords.

    Does anyone have a good solution for this? I can't alter the environment, and I know the Windows authentication will be enabled and the scripts must be executed as SYS, but I want the password validation to actually work and reject incorrect passwords.

  2. zargon

    zargon Community Moderator Forum Guru

    Likes Received:
    Trophy Points:
    Aurora, CO
    You cannot reject invalid sys passwords due to the Windows confoiguration. Remember with this authentication scheme you can successfully connect without a username or password:

    SQL> connect / as sysdba

    thus any text supplied as a password will be ignored.