This site has been destroyed by Google forced upgrade to new way of WEB site.
All files links are not working. Many images has been lost in conversation.
Have to edit 190 pages manually. Will try to do ASAP but for this I need time ...
THANK YOU GOOGLE !

Monday, June 3, 2013

Retrieve Oracle password from Toad for Oracle

One of the oldest feature Dell Toad has is saving login passwords. This is accomplish easy with enabling check box "Save passwords" on login screen.
The whole connection process is defined through three files located in %USERPROFILE%\AppData\Roaming\Quest Software\Toad for Oracle\11.6\User Files\, where "11.6" is Toad version and may vary in your cases:
  1. CONNECTIONS.INI
  2. CONNECTIONACTIONS.INI
  3. CONNECTIONPWDS.INI
Passwords are stored in encrypted way in CONNECTIONPWDS.INI file. However they are not exposed in any normal way (you can read them) but only to use them as login without knowing password, which was once placed. This may raised some security issue, which I'll cover at the end. But having stored passwords allow Toad many beautiful automation and wide a lot actions that might need password as input. However, saving passwords also gave me additional feature (which is originally mine trick)-a way to retrieve Oracle passwords from any saved connection.

The solution

The trick is based on another Toad for Oracle feature-get SQL for any kind of DDL action, which was performed through GUI, in this case creating db link. Here is what you have to do to retrieve scott password:
  1. Connect in Toad as any user for which you DO NOT WANT TO RETRIEVE password (in mine case this is vadas user)
  2. Choose Database|Create|DB Link menu item
  3. Fill data as shown in the picture:

    As you can see I have chosen scott user and password is automatically retrieved from saved passwords file.
  4. Choose Show SQL as shown in the picture and you'll get pure SQL which contains password

And that's it! Pretty cool isn't it?
The trick is working for every user's password. In next case I'm showing how to retrieve sys password, retrieved through scott connection.

The End

Someone might say this is security issue, but I do strongly think it is not! Mentioned file with stored passwords is encrypted with two keys:
  1. Domain user name
  2. Some kind of workstation unique hash value
These ensures that password file cannot be copied to another workstation and Domain admins (or other privileged users on that workstation) cannot use that file in any way! For me this is more then fair insurance.

Keep in mind that newer releases of Toad do not use "workstation unique hash value", but only domain username as a pattern for hashing. Check and test before dropping old laptop data. For the end let me tell that if someone find storing password as a security issue regardless motioned, he/she can always disable that option and live with shorter
Hope this helps someone.

Cheers!
at Monday, June 03, 2013

39 comments :

  1. AnonymousJune 4, 2013 at 8:02 AM

    Very nice hint. Keep on sharing things dude.

    ReplyDelete
  2. AnonymousJuly 17, 2013 at 2:52 AM

    Thank you.

    ReplyDelete
  3. Damir VadasJuly 17, 2013 at 10:00 AM

    Glad to help you guys.
    Right now I'm asking Dell technical stuff to leave that "hidden" feature in future versions ...

    ReplyDelete
  4. UnknownJuly 24, 2013 at 8:45 AM

    Great thanks brother

    ReplyDelete
  5. UnknownAugust 1, 2013 at 2:43 PM

    Wooow..simple and on point

    ReplyDelete
    Replies
    1. Damir VadasAugust 1, 2013 at 4:25 PM

      I'm not sure, now when I left genie out of the bottle, Dell's management might shutdown this feature if they found out ....
      8(

      Delete
  6. AnonymousSeptember 2, 2013 at 12:56 PM

    woow. simple yet a gr8 trick.

    ReplyDelete
  7. Billy NguyenSeptember 12, 2013 at 8:25 AM

    Wow, great work!!!
    Thanks very much!

    ReplyDelete
  8. AnonymousOctober 10, 2013 at 6:00 PM

    Thanks!! this saved a ton of trouble...

    ReplyDelete
  9. IoTillerOctober 13, 2013 at 8:31 PM

    Thank you for sharing this very good job.

    When I searched for solution of lost password problem (and found your great solution), I found one online web service which get you all your toad passwords as html document, you just need have access to connectionpwds.ini file on your hard drive:

    http://www.talkingbyte.com/index.php?page=connectionpwds

    ReplyDelete
    Replies
    1. Damir VadasOctober 14, 2013 at 9:33 AM

      Radovan,
      THX for your post.
      Your link shocked me. I thought things are little more complicated.
      Brg
      Damir

      Delete
    2. AnonymousApril 10, 2014 at 6:17 PM

      Did you consider a security issue posting the passwords file to a third party?

      Delete
    3. Damir VadasApril 10, 2014 at 6:20 PM

      do not follow you!?
      Please explain.

      Delete
  10. AnonymousNovember 18, 2013 at 11:34 AM

    Thank you very much, I was in a dilemma on how to deal with this issue as I wanted to login into the database to resolve something quickly.
    Your resolution came to the rescue and made my day :) ...My sincere thanks to you....

    ReplyDelete
  11. AnonymousJanuary 8, 2014 at 6:29 PM

    Excelente!!! Muchas gracias!!! :D

    ReplyDelete
  12. UnknownJanuary 22, 2014 at 9:15 AM

    Gr8 Trick. Hvala:)

    ReplyDelete
  13. AnonymousJanuary 30, 2014 at 8:34 AM

    Thanks a lot for the trick

    ReplyDelete
  14. Damir VadasMarch 22, 2014 at 7:14 AM

    Genie was left out of the bottle...

    ReplyDelete
  15. sagarApril 14, 2014 at 12:31 PM

    this is the best way to retrive password from Toad

    ReplyDelete
  16. KirdelJune 4, 2014 at 9:52 PM

    this really works!!! THANKS

    ReplyDelete
  17. UnknownAugust 19, 2014 at 9:38 AM



    this is a best blog all recovery service provide in this blog other information our site recoveryourpassword

    ReplyDelete
  18. AnonymousOctober 9, 2014 at 11:34 AM

    Best blog...thank you.

    ReplyDelete
  19. hiFebruary 27, 2015 at 8:03 PM

    recovered my password..very useful info for those who are using TOAD...thanks!!

    ReplyDelete
  20. AnonymousJune 3, 2015 at 5:57 AM

    wooow... this trick is working, thanks a lot

    ReplyDelete
  21. VijaySeptember 24, 2015 at 5:33 PM

    Excellent - Thank you so very much!!

    ReplyDelete
  22. AnonymousDecember 14, 2015 at 8:53 PM

    What about TOAD for MySQL ? any trick ?

    ReplyDelete
  23. JagsJanuary 27, 2016 at 4:59 PM

    This comment has been removed by a blog administrator.

    ReplyDelete
  24. UnknownJune 8, 2016 at 10:18 AM

    Thank You so much

    ReplyDelete
  25. UnknownNovember 3, 2016 at 1:58 PM

    Thank for your Good work.

    ReplyDelete
  26. UnknownJune 24, 2018 at 6:03 PM

    Thank you very much for the post... Saved me a days of time

    ReplyDelete
  27. UnknownDecember 21, 2018 at 4:17 PM

    Worked with 10.6
    manyyy thanks

    ReplyDelete
  28. Abhi RajpootDecember 11, 2019 at 3:59 PM

    good job

    ReplyDelete
  29. AnonymousJune 15, 2020 at 6:47 AM

    No more works with Toad 13.1 Genie is locked in bottle again :)

    ReplyDelete
    Replies
    1. Damir VadasJune 15, 2020 at 10:43 AM

      i know...already took message that I have loose ghost from the bottle.

      Delete
  30. Mohammad KalbounehOctober 13, 2020 at 3:02 AM

    man that helped me like more than you can think

    ReplyDelete
  31. luckysFebruary 3, 2021 at 1:20 PM

    This comment has been removed by a blog administrator.

    ReplyDelete

Subscribe to: Post Comments ( Atom )

Zagreb u srcu!

Copyright © 2009-2018 Damir Vadas

All rights reserved.

Sign by Danasoft - Get Your Sign