时间:2021-07-01 10:21:17 帮助过:25人阅读
2.查看密码策略
SQL> select * from dba_profiles where resource_NAME=‘PASSWORD_VERIFY_FUNCTION‘;
3.登录PL/SQL,以sysdba方式登录,密码输入默认密码 change_on_install
4.执行两个Funtion
CREATE OR REPLACE FUNCTION verify_function (username varchar2, password varchar2, old_password varchar2) RETURN boolean IS n boolean; m integer; differ integer; isdigit boolean; ischar boolean; ispunct boolean; digitarray varchar2(20); punctarray varchar2(25); chararray varchar2(52); BEGIN digitarray:= ‘0123456789‘; chararray:= ‘abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ‘; punctarray:=‘!"#$%&()``*+,-/:;<=>?_‘; -- Check if the password is same as the username IF NLS_LOWER(password) = NLS_LOWER(username) THEN raise_application_error(-20001, ‘Password same as or similar to user‘); END IF; -- Check for the minimum length of the password IF length(password) < 9 THEN raise_application_error(-20002, ‘Password length less than 9‘); END IF; -- Check if the password is too simple. A dictionary of words may be -- maintained and a check may be made so as not to allow the words -- that are too simple for the password. IF NLS_LOWER(password) IN (‘welcome‘, ‘database‘, ‘account‘, ‘user‘, ‘password‘, ‘oracle‘, ‘computer‘, ‘abcd‘) THEN raise_application_error(-20002, ‘Password too simple‘); END IF; -- Check if the password contains at least one letter, one digit and one -- punctuation mark. -- 1. Check for the digit isdigit:=FALSE; m := length(password); FOR i IN 1..10 LOOP FOR j IN 1..m LOOP IF substr(password,j,1) = substr(digitarray,i,1) THEN isdigit:=TRUE; GOTO findchar; END IF; END LOOP; END LOOP; IF isdigit = FALSE THEN raise_application_error(-20003, ‘Password should contain at least one digit, one character and one punctuation‘); END IF; -- 2. Check for the character <<findchar>> ischar:=FALSE; FOR i IN 1..length(chararray) LOOP FOR j IN 1..m LOOP IF substr(password,j,1) = substr(chararray,i,1) THEN ischar:=TRUE; GOTO findpunct; END IF; END LOOP; END LOOP; IF ischar = FALSE THEN raise_application_error(-20003, ‘Password should contain at least one digit, one character and one punctuation‘); END IF; -- 3. Check for the punctuation <<findpunct>> ispunct:=FALSE; FOR i IN 1..length(punctarray) LOOP FOR j IN 1..m LOOP IF substr(password,j,1) = substr(punctarray,i,1) THEN ispunct:=TRUE; GOTO endsearch; END IF; END LOOP; END LOOP; IF ispunct = FALSE THEN raise_application_error(-20003, ‘Password should contain at least one digit, one character and one punctuation‘); END IF; <<endsearch>> -- Check if the password differs from the previous password by at least -- 3 letters IF old_password IS NOT NULL THEN differ := length(old_password) - length(password); IF abs(differ) < 3 THEN IF length(password) < length(old_password) THEN m := length(password); ELSE m := length(old_password); END IF; differ := abs(differ); FOR i IN 1..m LOOP IF substr(password,i,1) != substr(old_password,i,1) THEN differ := differ + 1; END IF; END LOOP; IF differ < 3 THEN raise_application_error(-20004, ‘Password should differ by at least 3 characters‘); END IF; END IF; END IF; -- Everything is fine; return TRUE ; RETURN(TRUE); END;
CREATE OR REPLACE FUNCTION verify_function_11G (username varchar2, password varchar2, old_password varchar2) RETURN boolean IS n boolean; m integer; differ integer; isdigit boolean; ischar boolean; ispunct boolean; db_name varchar2(40); digitarray varchar2(20); punctarray varchar2(25); chararray varchar2(52); i_char varchar2(10); simple_password varchar2(10); reverse_user varchar2(32); BEGIN digitarray:= ‘0123456789‘; chararray:= ‘abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ‘; -- Check for the minimum length of the password IF length(password) < 8 THEN raise_application_error(-20001, ‘Password length less than 8‘); END IF; -- Check if the password is same as the username or username(1-100) IF NLS_LOWER(password) = NLS_LOWER(username) THEN raise_application_error(-20002, ‘Password same as or similar to user‘); END IF; FOR i IN 1..100 LOOP i_char := to_char(i); if NLS_LOWER(username)|| i_char = NLS_LOWER(password) THEN raise_application_error(-20005, ‘Password same as or similar to user name ‘); END IF; END LOOP; -- Check if the password is same as the username reversed FOR i in REVERSE 1..length(username) LOOP reverse_user := reverse_user || substr(username, i, 1); END LOOP; IF NLS_LOWER(password) = NLS_LOWER(reverse_user) THEN raise_application_error(-20003, ‘Password same as username reversed‘); END IF; -- Check if the password is the same as server name and or servername(1-100) select name into db_name from sys.v$database; if NLS_LOWER(db_name) = NLS_LOWER(password) THEN raise_application_error(-20004, ‘Password same as or similar to server name‘); END IF; FOR i IN 1..100 LOOP i_char := to_char(i); if NLS_LOWER(db_name)|| i_char = NLS_LOWER(password) THEN raise_application_error(-20005, ‘Password same as or similar to server name ‘); END IF; END LOOP; -- Check if the password is too simple. A dictionary of words may be -- maintained and a check may be made so as not to allow the words -- that are too simple for the password. IF NLS_LOWER(password) IN (‘welcome1‘, ‘database1‘, ‘account1‘, ‘user1234‘, ‘password1‘, ‘oracle123‘, ‘computer1‘, ‘abcdefg1‘, ‘change_on_install‘) THEN raise_application_error(-20006, ‘Password too simple‘); END IF; -- Check if the password is the same as oracle (1-100) simple_password := ‘oracle‘; FOR i IN 1..100 LOOP i_char := to_char(i); if simple_password || i_char = NLS_LOWER(password) THEN raise_application_error(-20007, ‘Password too simple ‘); END IF; END LOOP; -- Check if the password contains at least one letter, one digit -- 1. Check for the digit isdigit:=FALSE; m := length(password); FOR i IN 1..10 LOOP FOR j IN 1..m LOOP IF substr(password,j,1) = substr(digitarray,i,1) THEN isdigit:=TRUE; GOTO findchar; END IF; END LOOP; END LOOP; IF isdigit = FALSE THEN raise_application_error(-20008, ‘Password must contain at least one digit, one character‘); END IF; -- 2. Check for the character <<findchar>> ischar:=FALSE; FOR i IN 1..length(chararray) LOOP FOR j IN 1..m LOOP IF substr(password,j,1) = substr(chararray,i,1) THEN ischar:=TRUE; GOTO endsearch; END IF; END LOOP; END LOOP; IF ischar = FALSE THEN raise_application_error(-20009, ‘Password must contain at least one digit, and one character‘); END IF; <<endsearch>> -- Check if the password differs from the previous password by at least -- 3 letters IF old_password IS NOT NULL THEN differ := length(old_password) - length(password); differ := abs(differ); IF differ < 3 THEN IF length(password) < length(old_password) THEN m := length(password); ELSE m := length(old_password); END IF; FOR i IN 1..m LOOP IF substr(password,i,1) != substr(old_password,i,1) THEN differ := differ + 1; END IF; END LOOP; IF differ < 3 THEN raise_application_error(-20011, ‘Password should differ from the old password by at least 3 characters‘); END IF; END IF; END IF; -- Everything is fine; return TRUE ; RETURN(TRUE); END;
5.设置密码策略
SQL> alter system set resource_limit = true;
SQL> alter profile default limit password_verify_function verify_function;
6.查看密码策略是否设置成功
SQL> select * from dba_profiles where resource_NAME=‘PASSWORD_VERIFY_FUNCTION‘;
Oracle修改密码复杂度策略
标签:dba name ast lte zab 查看 复杂度 tar fine