Oracle Profile and PASSWORD_VERIFY_FUNCTION
ALTER PROFILE default LIMIT
PASSWORD_LIFE_TIME 90
PASSWORD_GRACE_TIME 5
PASSWORD_REUSE_TIME 100
PASSWORD_REUSE_MAX 360
FAILED_LOGIN_ATTEMPTS 3
PASSWORD_VERIFY_FUNCTION MY_PASSWORD_VERIFY_FUNC;[@more@]Rem
Rem $Header: utlpwdmg.sql 31-aug-2000.11:00:47 nireland Exp $
Rem
Rem utlpwdmg.sql
Rem
Rem Copyright (c) Oracle Corporation 1996, 2000. All Rights Reserved.
Rem
Rem NAME
Rem utlpwdmg.sql - script for Default Password Resource Limits
Rem
Rem DESCRIPTION
Rem This is a script for enabling the password management features
Rem by setting the default password resource limits.
Rem
Rem NOTES
Rem This file contains a function for minimum checking of password
Rem complexity. This is more of a sample function that the customer
Rem can use to develop the function for actual complexity checks that the
Rem customer wants to make on the new password.
Rem
Rem MODIFIED (MM/DD/YY)
Rem nireland 08/31/00 - Improve check for username=password. #1390553
Rem nireland 06/28/00 - Fix null old password test. #1341892
Rem asurpur 04/17/97 - Fix for bug479763
Rem asurpur 12/12/96 - Changing the name of password_verify_function
Rem asurpur 05/30/96 - New script for default password management
Rem asurpur 05/30/96 - Created
Rem
-- This script sets the default password resource parameters
-- This script needs to be run to enable the password features.
-- However the default resource parameters can be changed based
-- on the need.
-- A default password complexity function is also provided.
-- This function makes the minimum complexity checks like
-- the minimum length of the password, password not same as the
-- username, etc. The user may enhance this function according to
-- the need.
-- This function must be created in SYS schema.
-- connect sys/ as sysdba before running the script
-- JackJiang: this function MY_PASSWORD_VERIFY_FUNC derive from VERIFY_FUNC in $ORACLE_HOME/rdbms/admin/utlpwdmg.sql
CREATE OR REPLACE FUNCTION MY_PASSWORD_VERIFY_FUNC
(username varchar2,
password varchar2,
old_password varchar2)
RETURN boolean IS
n boolean;
m integer;
differ integer;
isdigit boolean;
ischar boolean;
ispunct boolean;
digitarray varchar2(20);
punctarray varchar2(25);
chararray varchar2(52);
BEGIN
digitarray:= '0123456789';
chararray:= 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
punctarray:='!"#$%&()``*+,-/:;<=>?_';
-- Check if the password is same as the username
IF NLS_LOWER(password) = NLS_LOWER(username) THEN
raise_application_error(-20001, 'Password same as or similar to user');
END IF;
-- Check for the minimum length of the password
IF length(password) < 8 THEN
raise_application_error(-20002, 'Password length less than 8');
END IF;
-- Check if the password is too simple. A dictionary of words may be
-- maintained and a check may be made so as not to allow the words
-- that are too simple for the password.
IF NLS_LOWER(password) IN ('welcome', 'database', 'account', 'user', 'password', 'oracle', 'computer', 'abcd') THEN
raise_application_error(-20002, 'Password too simple');
END IF;
-- Check if the password contains at least one letter, one digit and one
-- punctuation mark.
-- 1. Check for the digit
isdigit:=FALSE;
m := length(password);
FOR i IN 1..10 LOOP
FOR j IN 1..m LOOP
IF substr(password,j,1) = substr(digitarray,i,1) THEN
isdigit:=TRUE;
GOTO findchar;
END IF;
END LOOP;
END LOOP;
-- IF isdigit = FALSE THEN
-- raise_application_error(-20003, 'Password should contain at least one digit, one character and one punctuation');
-- END IF;
-- 2. Check for the punctuation
ispunct:=FALSE;
FOR i IN 1..length(punctarray) LOOP
FOR j IN 1..m LOOP
IF substr(password,j,1) = substr(punctarray,i,1) THEN
ispunct:=TRUE;
GOTO findchar;
END IF;
END LOOP;
END LOOP;
-- IF ispunct = FALSE THEN
-- raise_application_error(-20003, 'Password should contain at least one
-- digit, one character and one punctuation');
-- END IF;
-- password must contain at least one alphabetic and one non-alphabetic
-- runs to here, then the password doesn't have any non-alphabetic.
raise_application_error(-20003, 'Password must contain at least one alphabetic and one non-alphabetic');
-- 3. Check for the character
<>
ischar:=FALSE;
FOR i IN 1..length(chararray) LOOP
FOR j IN 1..m LOOP
IF substr(password,j,1) = substr(chararray,i,1) THEN
ischar:=TRUE;
END IF;
END LOOP;
END LOOP;
IF ischar = FALSE THEN
raise_application_error(-20003, 'Password must contain at least one alphabetic and one non-alphabetic');
END IF;
-- Everything is fine; return TRUE ;
RETURN(TRUE);
END;
/
-- This script alters the default parameters for Password Management
-- This means that all the users on the system have Password Management
-- enabled and set to the following values unless another profile is
-- created with parameter values set to different value or UNLIMITED
-- is created and assigned to the user.
ALTER PROFILE default LIMIT
PASSWORD_LIFE_TIME 90
PASSWORD_GRACE_TIME 5
PASSWORD_REUSE_TIME 100
PASSWORD_REUSE_MAX 360
FAILED_LOGIN_ATTEMPTS 3
PASSWORD_VERIFY_FUNCTION MY_PASSWORD_VERIFY_FUNC;
PASSWORD_LIFE_TIME 90
PASSWORD_GRACE_TIME 5
PASSWORD_REUSE_TIME 100
PASSWORD_REUSE_MAX 360
FAILED_LOGIN_ATTEMPTS 3
PASSWORD_VERIFY_FUNCTION MY_PASSWORD_VERIFY_FUNC;[@more@]Rem
Rem $Header: utlpwdmg.sql 31-aug-2000.11:00:47 nireland Exp $
Rem
Rem utlpwdmg.sql
Rem
Rem Copyright (c) Oracle Corporation 1996, 2000. All Rights Reserved.
Rem
Rem NAME
Rem utlpwdmg.sql - script for Default Password Resource Limits
Rem
Rem DESCRIPTION
Rem This is a script for enabling the password management features
Rem by setting the default password resource limits.
Rem
Rem NOTES
Rem This file contains a function for minimum checking of password
Rem complexity. This is more of a sample function that the customer
Rem can use to develop the function for actual complexity checks that the
Rem customer wants to make on the new password.
Rem
Rem MODIFIED (MM/DD/YY)
Rem nireland 08/31/00 - Improve check for username=password. #1390553
Rem nireland 06/28/00 - Fix null old password test. #1341892
Rem asurpur 04/17/97 - Fix for bug479763
Rem asurpur 12/12/96 - Changing the name of password_verify_function
Rem asurpur 05/30/96 - New script for default password management
Rem asurpur 05/30/96 - Created
Rem
-- This script sets the default password resource parameters
-- This script needs to be run to enable the password features.
-- However the default resource parameters can be changed based
-- on the need.
-- A default password complexity function is also provided.
-- This function makes the minimum complexity checks like
-- the minimum length of the password, password not same as the
-- username, etc. The user may enhance this function according to
-- the need.
-- This function must be created in SYS schema.
-- connect sys/
-- JackJiang: this function MY_PASSWORD_VERIFY_FUNC derive from VERIFY_FUNC in $ORACLE_HOME/rdbms/admin/utlpwdmg.sql
CREATE OR REPLACE FUNCTION MY_PASSWORD_VERIFY_FUNC
(username varchar2,
password varchar2,
old_password varchar2)
RETURN boolean IS
n boolean;
m integer;
differ integer;
isdigit boolean;
ischar boolean;
ispunct boolean;
digitarray varchar2(20);
punctarray varchar2(25);
chararray varchar2(52);
BEGIN
digitarray:= '0123456789';
chararray:= 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
punctarray:='!"#$%&()``*+,-/:;<=>?_';
-- Check if the password is same as the username
IF NLS_LOWER(password) = NLS_LOWER(username) THEN
raise_application_error(-20001, 'Password same as or similar to user');
END IF;
-- Check for the minimum length of the password
IF length(password) < 8 THEN
raise_application_error(-20002, 'Password length less than 8');
END IF;
-- Check if the password is too simple. A dictionary of words may be
-- maintained and a check may be made so as not to allow the words
-- that are too simple for the password.
IF NLS_LOWER(password) IN ('welcome', 'database', 'account', 'user', 'password', 'oracle', 'computer', 'abcd') THEN
raise_application_error(-20002, 'Password too simple');
END IF;
-- Check if the password contains at least one letter, one digit and one
-- punctuation mark.
-- 1. Check for the digit
isdigit:=FALSE;
m := length(password);
FOR i IN 1..10 LOOP
FOR j IN 1..m LOOP
IF substr(password,j,1) = substr(digitarray,i,1) THEN
isdigit:=TRUE;
GOTO findchar;
END IF;
END LOOP;
END LOOP;
-- IF isdigit = FALSE THEN
-- raise_application_error(-20003, 'Password should contain at least one digit, one character and one punctuation');
-- END IF;
-- 2. Check for the punctuation
ispunct:=FALSE;
FOR i IN 1..length(punctarray) LOOP
FOR j IN 1..m LOOP
IF substr(password,j,1) = substr(punctarray,i,1) THEN
ispunct:=TRUE;
GOTO findchar;
END IF;
END LOOP;
END LOOP;
-- IF ispunct = FALSE THEN
-- raise_application_error(-20003, 'Password should contain at least one
-- digit, one character and one punctuation');
-- END IF;
-- password must contain at least one alphabetic and one non-alphabetic
-- runs to here, then the password doesn't have any non-alphabetic.
raise_application_error(-20003, 'Password must contain at least one alphabetic and one non-alphabetic');
-- 3. Check for the character
<
ischar:=FALSE;
FOR i IN 1..length(chararray) LOOP
FOR j IN 1..m LOOP
IF substr(password,j,1) = substr(chararray,i,1) THEN
ischar:=TRUE;
END IF;
END LOOP;
END LOOP;
IF ischar = FALSE THEN
raise_application_error(-20003, 'Password must contain at least one alphabetic and one non-alphabetic');
END IF;
-- Everything is fine; return TRUE ;
RETURN(TRUE);
END;
/
-- This script alters the default parameters for Password Management
-- This means that all the users on the system have Password Management
-- enabled and set to the following values unless another profile is
-- created with parameter values set to different value or UNLIMITED
-- is created and assigned to the user.
ALTER PROFILE default LIMIT
PASSWORD_LIFE_TIME 90
PASSWORD_GRACE_TIME 5
PASSWORD_REUSE_TIME 100
PASSWORD_REUSE_MAX 360
FAILED_LOGIN_ATTEMPTS 3
PASSWORD_VERIFY_FUNCTION MY_PASSWORD_VERIFY_FUNC;
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/14377/viewspace-1060108/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- Oracle profileOracle
- Oracle OCP(29):PROFILEOracle
- ORACLE SQL PROFILE使用OracleSQL
- oracle profile 試驗Oracle
- Oracle profile的使用Oracle
- oracle .bash_profileOracle
- Oracle Profile學習Oracle
- ORACLE profile 優化配置Oracle優化
- Oracle Profile 使用詳解Oracle
- oracle11g增加profileOracle
- ORACLE profile 最佳化配置Oracle
- Oracle Profile 使用詳解(轉)Oracle
- oracle之profile的應用Oracle
- oracle之 profile的應用Oracle
- Oracle for Linux : .bash_profileOracleLinux
- ORACLE user profile配置/管理/維護Oracle
- oracle的profile檔案學習Oracle
- Oracle使用者profile詳解Oracle
- oracle 11g增加業務profileOracle
- Oracle 使用者 profile 屬性Oracle
- 修改oracle賬戶profile設定Oracle
- 如何解讀Oracle的LOAD PROFILEOracle
- Oracle基礎 09 概要檔案 profileOracle
- oracle profile sessions_per_user的用法OracleSession
- 【PROFILE】使用Oracle PROFILE限制會話中每一次呼叫所使用的CPU資源Oracle會話
- Oracle SQL Profile固定執行計劃的方法OracleSQL
- Oracle profile 使用者資源限制 說明Oracle
- 使用Oracle PROFILE控制會話空閒時間Oracle會話
- Linux & Oracle 10g RAC --- .bash_profileLinuxOracle 10g
- 【PROFILE】使用Oracle的PROFILE對使用者資源限制和密碼限制的研究與探索Oracle密碼
- linux下 /etc/profile、~/.bash_profile ~/.profile的執行過程Linux
- oracle 通過sql profile為sql語句加hintOracleSQL
- sql profileSQL
- Oracle優化案例-coe_xfr_sql_profile固定執行計劃與刪除profile(二十五)Oracle優化SQL
- 使用PASSWORD_VERIFY_FUNCTION設定使用者密碼複雜度Function密碼複雜度
- 【PROFILE】Oracle11g密碼複雜度說明Oracle密碼複雜度
- .Oracle固定執行計劃之SQL PROFILE概要檔案OracleSQL
- AIX環境oracle使用者的.profile檔案(轉)AIOracle