Retrieve Oracle password from Toad for Oracle

转载 2015年11月17日 18:06:44

One of the oldest feature Dell Toad has is saving login passwords. This is accomplish easy with enabling check box "Save passwords" on login screen. 

The whole connection process is defined through three files located in %USERPROFILE%\AppData\Roaming\Quest Software\Toad for Oracle\11.6\User Files\, where "11.6" is Toad version and may vary in your cases: 
Passwords are stored in encrypted way in CONNECTIONPWDS.INI file. However they are not exposed in any normal way (you can read them) but only to use them as login without knowing password, which was once placed. This may raised some security issue, which I'll cover at the end. But having stored passwords allow Toad many beautiful automation and wide a lot actions that might need password as input. However, saving passwords also gave me additional feature (which is originally mine trick)-a way to retrieve Oracle passwords from any saved connection.

The solution

The trick is based on another Toad for Oracle feature-get SQL for any kind of DDL action, which was performed through GUI, in this case creating db link. Here is what you have to do to retrieve scott password:
  1. Connect in Toad as any user for which you DO NOT WANT TO RETRIEVE password (in mine case this is vadas user)
  2. Choose Database|Create|DB Link menu item
  3. Fill data as shown in the picture: 

    As you can see I have chosen scott user and password is automatically retrieved from saved passwords file.
  4. Choose Show SQL as shown in the picture and you'll get pure SQL which contains password 

And that's it! Pretty cool isn't it? 
The trick is working for every user's password. In next case I'm showing how to retrieve sys password, retrieved through scott connection. 

The End

Someone might say this is security issue, but I do strongly think it is not! Mentioned file with stored passwords is encrypted with two keys:
  1. Domain user name
  2. Some kind of workstation unique hash value
These ensures that password file cannot be copied to another workstation and Domain admins (or other privileged users on that workstation) cannot use that file in any way! For me this is more then fair insurance. 

Keep in mind that newer releases of Toad do not use "workstation unique hash value", but only domain username as a pattern for hashing. Check and test before dropping old laptop data. For the end let me tell that if someone find storing password as a security issue regardless motioned, he/she can always disable that option and live with shorter 
Hope this helps someone. 



获取MySQL加密密码并验证用户输入(登录界面),retrieve hashpwd from mysql and compare with input password on login

获取MySQL加密密码并验证用户输入(登录界面),retrieve hashpwd from mysql and compare with input password on login...

Toad for Oracle工具的使用(一)

在Oracle应用程序的开发过程中,访问数据库对象和编写SQL程序是一件乏味且耗费时间的工作,对数据库进行日常管理也是需要很多SQL脚本才能完成的。Quest Software为此提供了高效的Orac...
  • liqfyiyi
  • liqfyiyi
  • 2014年10月02日 09:56
  • 12360

Toad for Oracle 介绍

软件名称:《Toad for Oracle》 软件语言: 英语 运行环境: 2000/XP 软件大小: 53677K 软件分类: 编程开发/数据库工具 Toad for Oracl...

toad for oracle(导入导出实例)

【转】toad for oracle(导入导出实例) 收藏   toad for oracle(导入导出实例) 收藏  例: create user his identified...
  • lzp_lrp
  • lzp_lrp
  • 2013年05月30日 10:41
  • 12319

用toad for oracle将excel数据导入数据库

用toad for oracle将excel数据导入数据库 连接想要导入的数据库 ,然后Database->Import->Table Data打开了导入窗口,选择一个数据库表,点击Show Da...

Toad for Oracle工具的使用

转自:   Toad for Oracle工具的使用 出处:转载 [注意:单击图片可...
  • jackljf
  • jackljf
  • 2012年07月31日 10:23
  • 1074

toad for oracle

  • 2015年03月31日 10:48
  • 408KB
  • 下载

toad For Oracle 第二部分

  • 2013年01月25日 13:12
  • 31.2MB
  • 下载

通过 RMAN DUPLICATE...FROM ACTIVE DATABASE创建dataguard(for oracle 11g)

oracle 10g可以通过基于备份的rman DUPLICATE实现dataguard,通过步骤需要对数据库进行备份,并在standby侧进行数据库的恢复。而到了11g,oracle推出了Dupli...
  • hijk139
  • hijk139
  • 2012年08月06日 15:58
  • 3256
您举报文章:Retrieve Oracle password from Toad for Oracle