Tag: security sys password lock

November 13

I am currently busy trying to lock down (secure wise) APEX, which is, to say the least, very hard… Anyway one of my tricks from the old days (the days you couldn’t lock an account / database schema), was to lock an user account via the following alternative use of the ALTER USER statement

ALTER USER {username} IDENTIFIED BY VALUES ' {String} '

of course nowadays you can use the more complete syntax

ALTER USER {username} IDENTIFIED BY VALUES ' {String} ' ACCOUNT LOCK

Most of the time this method is used to reset the password to its original value.

I noticed in my (secured) Oracle 11g EE database version that passwords are not shown anymore via DBA_USERS