Tuesday, May 27, 2008

Password Verification or Complexity function in Oracle

In database you may wish to set up rules how a user password will be. You can make password complex as you like. Suppose a common rule is username and password must not be same. To do so you have to do following tasks.

1)Create a password verification function.
2)Assign this verification function to your desired profile or system default profile.
3)Assign this profile to the users to whom you want to impose rules.

Oracle itself has a sample PL/SQL scripts by which we can impose password complexity. The script UTLPWDMG.SQL sets the default profile parameters. The oracle sample password verification function ensures that the password meets the following requirements.

•Is at least four characters long
•Differs from the user name
•Has at least one alpha, one numeric, and one punctuation mark character
•Is not simple or obvious, such as welcome, account, database, or user
•Differs from the previous password by at least 3 characters

The default complexity function can be seen as $ORACLE_HOME/rdbms/admin/utlpwdmg.sql location. Just open the file with any editor and modify you need any.

Also look at the last few lines of the script. It also assign your default profile DEFAULT to a password verification function verify_function. However you can imply to verify other profile rather than DEFAULT by comment out the last paragraph of the script. Then execute the script. You must be a SYS user in order to execute password verification function.

With an example I have demonsrate the scenario.

1)Connect as a SYS user.

SQL> CONN / AS SYSDBA
Connected.

2)Execute the utlpwdmg.sql script.
SQL> @$ORACLE_HOME/rdbms/admin/utlpwdmg.sql
Function created.

3)Create the profile with this function. Like,
SQL> CREATE PROFILE TEST_PROFILE LIMIT PASSWORD_VERIFY_FUNCTION verify_function;
Profile created.

4)Assign this profile to a user.
SQL> ALTER USER INDIA PROFILE TEST_PROFILE;
User altered.

5)Connct the user to which profile is assigned.
SQL> CONN INDIA/T
Connected.

6)Check wether password complexity function work or not by.
SQL> PASSWORD
Changing password for INDIA
Old password:
New password:
Retype new password:
ERROR:
ORA-28003: password verification for the specified password failed
ORA-20002: Password length less than 4

Password unchanged

Suppose I gave here 1!ab for new password and it worked ok.
SQL> passw
Changing password for INDIA
Old password:
New password:
Retype new password:
Password changed

No comments:

Post a Comment