Retrieve Oracle password from Toad for Oracle

转载 2015年11月17日 18:06:44


http://damir-vadas.blogspot.co.uk/2013/06/retrive-oracle-password-from-toad-for.html?_sm_au_=i2VrD5qDJHHtH50L

One of the oldest feature Dell Toad has is saving login passwords. This is accomplish easy with enabling check box "Save passwords" on login screen. 

The whole connection process is defined through three files located in %USERPROFILE%\AppData\Roaming\Quest Software\Toad for Oracle\11.6\User Files\, where "11.6" is Toad version and may vary in your cases: 
  1. CONNECTIONS.INI
  2. CONNECTIONACTIONS.INI
  3. CONNECTIONPWDS.INI
Passwords are stored in encrypted way in CONNECTIONPWDS.INI file. However they are not exposed in any normal way (you can read them) but only to use them as login without knowing password, which was once placed. This may raised some security issue, which I'll cover at the end. But having stored passwords allow Toad many beautiful automation and wide a lot actions that might need password as input. However, saving passwords also gave me additional feature (which is originally mine trick)-a way to retrieve Oracle passwords from any saved connection.

The solution

The trick is based on another Toad for Oracle feature-get SQL for any kind of DDL action, which was performed through GUI, in this case creating db link. Here is what you have to do to retrieve scott password:
  1. Connect in Toad as any user for which you DO NOT WANT TO RETRIEVE password (in mine case this is vadas user)
  2. Choose Database|Create|DB Link menu item
  3. Fill data as shown in the picture: 

    As you can see I have chosen scott user and password is automatically retrieved from saved passwords file.
  4. Choose Show SQL as shown in the picture and you'll get pure SQL which contains password 

And that's it! Pretty cool isn't it? 
The trick is working for every user's password. In next case I'm showing how to retrieve sys password, retrieved through scott connection. 

The End

Someone might say this is security issue, but I do strongly think it is not! Mentioned file with stored passwords is encrypted with two keys:
  1. Domain user name
  2. Some kind of workstation unique hash value
These ensures that password file cannot be copied to another workstation and Domain admins (or other privileged users on that workstation) cannot use that file in any way! For me this is more then fair insurance. 

Keep in mind that newer releases of Toad do not use "workstation unique hash value", but only domain username as a pattern for hashing. Check and test before dropping old laptop data. For the end let me tell that if someone find storing password as a security issue regardless motioned, he/she can always disable that option and live with shorter 
Hope this helps someone. 

Cheers!
举报

相关文章推荐

Toad for Oracle 介绍

软件名称:《Toad for Oracle》 软件语言: 英语 运行环境: 2000/XP 软件大小: 53677K 软件分类: 编程开发/数据库工具 Toad for Oracl...

Toad for Oracle工具的使用

转自:http://blog.sina.com.cn/s/blog_4a93ccea0100ijd9.html   Toad for Oracle工具的使用 出处:转载 [注意:单击图片可...

我是如何成为一名python大咖的?

人生苦短,都说必须python,那么我分享下我是如何从小白成为Python资深开发者的吧。2014年我大学刚毕业..

获取MySQL加密密码并验证用户输入(登录界面),retrieve hashpwd from mysql and compare with input password on login

获取MySQL加密密码并验证用户输入(登录界面),retrieve hashpwd from mysql and compare with input password on login
返回顶部
收藏助手
不良信息举报
您举报文章:深度学习:神经网络中的前向传播和反向传播算法推导
举报原因:
原因补充:

(最多只允许输入30个字)