Comments on: ORA-00902 invalid datatype when trying to create a table with primary key based on two columns in Oracle 10g

By: techguys

techguys — Sat, 26 Jun 2010 03:28:52 +0000

I apologize for not explaining the useage of the table.
The table is used to store unique password and username combinations that were used in the past two years for each application user. So the actual senario is that one particular application user’s password expires every 90 days and he/she must change the password. The previousely used username and password combination must be stored in a table. Next time (after 90 days) when this same user changes his/her password the system has to check that the new password for this particular user must not be any of the passwords that have been used in the last two years. So, my question is this. How I can accomplish this requirement by making only username a primary key?

Thanks a lot

By: carlosdl

carlosdl — Sat, 26 Jun 2010 00:53:46 +0000

I didn't say that the purpose of the pk would be nullified if you use a cobination of two fields as primary key. I said it would nullify it in this specific case (for the reasons exposed by Mrdenny). We were assuming about the usage of this table since no information was provided in that respect. The user should be unique if this is the main user catalog, but I guess it is not. It seems that you will be using this table to store password change events only. If you create the primary key including the password, it won't allow the same user-password combination never (if you want to prohibit the use of the last 24 different passwords only, this is not the correct approach). On the other hand, if passwords are being stored encrypted, then, depending on the encryption method, the same password could result in a different string each time it is encrypted, and the pk would not prevent it from being stored.

By: techguys

techguys — Fri, 25 Jun 2010 23:18:00 +0000

The idea of making username and password a primary key is to prevent one user from entering the same password as any previously used 24 passwords during password change. In addition there is no any established rule to enforce username to be unique. In a table where username and password are stored, there are already duplicate usernames.
How this can be corrected?
Carlosdl: Can you explain how the purpose of primary key can be nullified if you use a cobination of two field as primary key?

Thanks

By: mrdenny

mrdenny — Fri, 25 Jun 2010 18:02:23 +0000

You should change the primary key to being just the username field. With the current primary key you can have two people with the same username, as long as they have different passwords. Putting the primary key on the username will allow you to have unique usernames.