Forgive me for not understanding the question, but I'm not sure what you mean ?!
Actually, I "played" some more and I think am a step farther...
The Test User accounts were setup with Passwords of "FAKEPW". Once they were changed to a 8 character password "12345678" the Update works, but ignores the verification on the password matchup. (before the update can occur, the typed in "old Password" must match the Stored PW (which is decrypted)).
The change occurs everytime reguardless of the verification (I did a raised error and it verifies that the PW's are different too).
When the DB/Stored PW is decrypted, it is in a 9 number format, which is different then what was typed in ?! Why?!
Actually no, I don't have that ORA Error Doc, but wouldn't mind having it ?!
You can email it to:
Any ideas on why the Password isn't Decrypting correctly?!
- USer Puts in "ABBY" as their Password.
- SP Encrypts the PAssword with a Key "12345678" and stores it to the table as "&%&%&%".
- The User comes back in and does another SP in which the PAssword is Decrypted with the same key and the returned result is "256587418", when it should come back as "ABBY"
Ideas Why ?! or how to get the "Real" Password or do I need to take the "new pw", encrypt it and then decrypt it and then do the compare ?!
As a follow up to previous postings, I have changed the way the process is going to work (as someone told me that the DBMS_OBFUSCATION_TOOLKIT.DESENCRYPT is a one way deal and once it is encrypted, it can't be brought back to "real words".
So, I have decided to leave the Encrypted PW from the DB and Encrypt the Newly Entered PW and when they match, then the update will fire.
(Example: instead of "abby" = "abby", it will now be when "tuàe-Å=" = "tuàe-Å=")
The piece of code that is suppose to handle this is, but isn't is...
if rtrim(ltrim(v_encrypted_string)) = rtrim(ltrim(cur_users_rec.password)) then
p_error_msg := 'Invalid Userid/Password .. ' ;
p_error_id := 3 ;
Raise_application_error(-20199,'MISMATCH !!!! ---->*** ENTERED PW='||v_encrypted_string||' *** DB PW = '||cur_users_rec.password);
When the Raise Error Appears, they do match, but the IF Statement doesn't catch it ?!