InstantForum.NET v4.1.4FranklinFaces.com - Oracle & SQL Server Database Forums for all IT Professionalshttp://www.franklinfaces.com/no-reply@FranklinFaces.comSat, 31 Jul 2010 07:26:42 GMT20http://www.franklinfaces.com/Topic126-97-1.aspxThere is a default password verify function under<SPAN style="FONT-WEIGHT: bold; COLOR: rgb(0,153,0)"> <FONT color=#113333>$ORACLE_HOME/rdbms/admin</FONT></SPAN> with filename <SPAN style="FONT-WEIGHT: bold; COLOR: rgb(0,153,0)"><FONT color=#113333>utlpwdmg.sql</FONT></SPAN>. This script creates a password verify function named "<FONT color=#113333><SPAN style="FONT-WEIGHT: bold; COLOR: rgb(0,153,0)"><FONT color=#113333>verify_function</FONT></SPAN>"</FONT> and alters the default profile with the below attributes:<BR><BR><FONT color=#117777>ALTER PROFILE DEFAULT LIMIT<BR>PASSWORD_LIFE_TIME 90<BR>PASSWORD_GRACE_TIME 5<BR>PASSWORD_REUSE_TIME 1800<BR>PASSWORD_REUSE_MAX UNLIMITED<BR>FAILED_LOGIN_ATTEMPTS 6<BR>PASSWORD_LOCK_TIME 1/1440<BR>PASSWORD_VERIFY_FUNCTION verify_function;</FONT><BR><BR>verify_function has the following attributes:<BR>- Check if the password is same as the username<BR>- Check for the minimum length of the password (default = 4)<BR>- Check if the password is too simple. A dictionary of words may be maintained and a check may be made so as not to allow the words that are too simple for the password. ('welcome', 'database', 'account', 'user', 'password', 'oracle', 'computer', 'abcd' words are not accepted as password by default)<BR>- Check if the password contains at least one letter, one digit and one punctuation mark.<BR>- Check if the password differs from the previous password by at least 3 letters.<BR><P><FONT color=#113333><STRONG>Here is an example of the password verify function:</STRONG></FONT></P><P>CREATE OR REPLACE FUNCTION "SYS"."VERIFY_FUNCTION"<BR>(username varchar2,<BR> password varchar2,<BR> old_password varchar2)<BR> RETURN boolean IS<BR> n boolean;<BR> m integer;<BR> differ integer;<BR> isdigit boolean;<BR> ischar boolean;<BR> ispunct boolean;<BR> digitarray varchar2(20);<BR> punctarray varchar2(25);<BR> chararray varchar2(52);</P><P>BEGIN<BR> digitarray:= '0123456789';<BR> chararray:= 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';<BR> punctarray:='!"#$%&amp;()``*+,-/:;&lt;=&gt;?_';</P><P> -- Check if the password is same as the username<BR> IF NLS_LOWER(password) = NLS_LOWER(username) THEN<BR> raise_application_error(-20001, 'Password same as or similar to user');<BR> END IF;</P><P> -- Check for the minimum length of the password<BR> IF length(password) &lt; 8 THEN<BR> raise_application_error(-20002, 'Password length less than 8');<BR> END IF;</P><P> -- Check if the password is too simple. A dictionary of words may be<BR> -- maintained and a check may be made so as not to allow the words<BR> -- that are too simple for the password.<BR>-- IF NLS_LOWER(password) IN ('welcome', 'database', 'account', 'user', 'password', 'oracle', 'computer', 'abcd') THEN<BR>-- raise_application_error(-20002, 'Password too simple');<BR>-- END IF;</P><P> -- Check if the password contains at least one letter, one digit and one<BR> -- punctuation mark.<BR> -- 1. Check for the digit<BR> isdigit:=FALSE;<BR> m := length(password);<BR> FOR i IN 1..10 LOOP<BR> FOR j IN 1..m LOOP<BR> IF substr(password,j,1) = substr(digitarray,i,1) THEN<BR> isdigit:=TRUE;<BR> GOTO findchar;<BR> END IF;<BR> END LOOP;<BR> END LOOP;<BR> IF isdigit = FALSE THEN<BR> raise_application_error(-20003, 'Password should contain at least one digit and one character');<BR> END IF;<BR> -- 2. Check for the character<BR> &lt;&lt;findchar&gt;&gt;<BR> ischar:=FALSE;<BR> FOR i IN 1..length(chararray) LOOP<BR> FOR j IN 1..m LOOP<BR> IF substr(password,j,1) = substr(chararray,i,1) THEN<BR> ischar:=TRUE;<BR>-- GOTO findpunct;<BR> GOTO endsearch;<BR> END IF;<BR> END LOOP;<BR> END LOOP;<BR> IF ischar = FALSE THEN<BR> raise_application_error(-20003, 'Password should contain at least one \<BR> digit and one character');<BR> END IF;<BR> -- 3. Check for the punctuation<BR>-- &lt;&lt;findpunct&gt;&gt;<BR>-- ispunct:=FALSE;<BR>-- FOR i IN 1..length(punctarray) LOOP<BR>-- FOR j IN 1..m LOOP<BR>-- IF substr(password,j,1) = substr(punctarray,i,1) THEN<BR>-- ispunct:=TRUE;<BR>-- GOTO endsearch;<BR>-- END IF;<BR>-- END LOOP;<BR>-- END LOOP;<BR>-- IF ispunct = FALSE THEN<BR>-- raise_application_error(-20003, 'Password should contain at least one \<BR>-- digit, one character and one punctuation');<BR>-- END IF;</P><P> &lt;&lt;endsearch&gt;&gt;<BR> -- Check if the password differs from the previous password by at least<BR> -- 3 letters<BR> IF old_password IS NOT NULL THEN<BR> differ := length(old_password) - length(password);</P><P> IF abs(differ) &lt; 3 THEN<BR> IF length(password) &lt; length(old_password) THEN<BR> m := length(password);<BR> ELSE<BR> m := length(old_password);<BR> END IF;</P><P> differ := abs(differ);<BR> FOR i IN 1..m LOOP<BR> IF substr(password,i,1) != substr(old_password,i,1) THEN<BR> differ := differ + 1;<BR> END IF;<BR> END LOOP;</P><P> IF differ &lt; 3 THEN<BR> raise_application_error(-20004, 'Password should differ by at \<BR> least 3 characters');<BR> END IF;<BR> END IF;<BR> END IF;<BR> -- Everything is fine; return TRUE ;<BR> RETURN(TRUE);<BR>END;<BR>/</P><P><BR>You can customize this script to have different password verify function attributes, profile attributes and to apply to another profile.Wed, 13 May 2009 10:35:05 GMTAdmin