阿里云-云小站(无限量代金券发放中)
【腾讯云】云服务器、云数据库、COS、CDN、短信等热卖云产品特惠抢购

Oracle 11gR2创建PASSWORD_VERIFY_FUNCTION对应密码复杂度验证函数步骤

290次阅读
没有评论

共计 11194 个字符,预计需要花费 28 分钟才能阅读完成。

Oracle 11gR2 创建 PASSWORD_VERIFY_FUNCTION 对应密码复杂度验证函数步骤

运行测试环境:数据库服务器 Oracle Linux 5.8 + Oracle 11g R2 数据库

相关工具:PL/SQL 软件 (连接 Linux 下的 Oracle 数据库),SecureCRT 软件 (远程连接 Linux 服务器)

详细步骤:

1、连接上 Linux 数据库服务器,切换到 Oracle 数据库用户桌面,打开终端,进入到环境变量 $ORACLE_HOME 目录

Last login: Fri Dec 11 13:26:18 2015 from 192.168.1.100
[root@Linux 主机名 ~]# su – oracle
[oracle@Linux 主机名 dbhome_1]$ cd $ORACLE_HOME/rdbms/admin
[oracle@Linux 主机名 admin]$

2、查看 Oracle11g 数据库提供的默认密码复杂度函数脚本 (Oracle 安装目录下的 /rdbms/admin/utlpwdmg.sql 文件)

[oracle@Linux 主机名 admin]$ cat $ORACLE_HOME/rdbms/admin/utlpwdmg.sql

脚本详细内容详见文章末尾

 

3、登录 Oracle 数据库并执行 Oracle11g 数据库提供的默认密码复杂度函数脚本

[oracle@Linux 主机名 admin]$ sqlplus /nolog

SQL*Plus: Release 11.2.0.1.0 Production on Fri Dec 11 13:33:58 2015

Copyright (c) 1982, 2009, Oracle.  All rights reserved.

SQL> conn /as sysdba
Connected.
SQL> @?/rdbms/admin/utlpwdmg.sql

Function created.

Profile altered.

Function created.

SQL>

 

4、在 PL/SQL 中创建用户的资源文件,执行下面语句

CREATE PROFILE 资源文件名 LIMIT 
  SESSIONS_PER_USER UNLIMITED 
  CPU_PER_SESSION UNLIMITED 
  CPU_PER_CALL UNLIMITED 
  CONNECT_TIME UNLIMITED 
  IDLE_TIME 600  –10 小时连续不活动的话系统自动断开连接
  LOGICAL_READS_PER_SESSION UNLIMITED 
  LOGICAL_READS_PER_CALL UNLIMITED 
  COMPOSITE_LIMIT UNLIMITED 
  PRIVATE_SGA UNLIMITED 
  FAILED_LOGIN_ATTEMPTS 10  – 指定锁定用户的登录失败次数为 10 次,超过 10 次则系统被自动锁定
  PASSWORD_LIFE_TIME 180  – 指定用户同一密码锁允许使用的天数为 180 天
  PASSWORD_REUSE_TIME UNLIMITED 
  PASSWORD_REUSE_MAX UNLIMITED 
  PASSWORD_LOCK_TIME 1  – 指定用户被锁定天数为 1 天
  PASSWORD_GRACE_TIME 10 – 数据库发出警告到登录失效前的宽限天数 
  PASSWORD_VERIFY_FUNCTION verify_function_11G
 
5、测试更新用户密码

– 创建用户并使用自定义的配置文件
create user 用户名 identified by 密码 default tablespace 默认表空间名 temporary tablespace 临时表空间名 profile 资源文件名;

– 用户授权
grant connect,resource,exp_full_database,imp_full_database to 用户名;

– 更新用户密码为简单的字符串
alter user 用户名 identified by 123456;

– 更新用户密码为复杂的字符串
alter user 用户名 identified by Csdn_20151211;

 

6、结论:发现简单密码无法更新,复杂的密码更新成功。

 

附:$ORACLE_HOME/rdbms/admin/utlpwdmg.sql 脚本源文件内容

Rem
Rem $Header: utlpwdmg.sql 02-aug-2006.08:18:05 asurpur Exp $
Rem
Rem utlpwdmg.sql
Rem
Rem Copyright (c) 2006, Oracle. All rights reserved. 
Rem
Rem    NAME
Rem      utlpwdmg.sql – script for Default Password Resource Limits
Rem
Rem    DESCRIPTION
Rem      This is a script for enabling the password management features
Rem      by setting the default password resource limits.
Rem
Rem    NOTES
Rem      This file contains a function for minimum checking of password
Rem      complexity. This is more of a sample function that the customer
Rem      can use to develop the function for actual complexity checks that the
Rem      customer wants to make on the new password.
Rem
Rem    MODIFIED  (MM/DD/YY)
Rem    asurpur    05/30/06 – fix – 5246666 beef up password complexity check
Rem    nireland    08/31/00 – Improve check for username=password. #1390553
Rem    nireland    06/28/00 – Fix null old password test. #1341892
Rem    asurpur    04/17/97 – Fix for bug479763
Rem    asurpur    12/12/96 – Changing the name of password_verify_function
Rem    asurpur    05/30/96 – New script for default password management
Rem    asurpur    05/30/96 – Created
Rem

— This script sets the default password resource parameters
— This script needs to be run to enable the password features.
— However the default resource parameters can be changed based
— on the need.
— A default password complexity function is also provided.
— This function makes the minimum complexity checks like
— the minimum length of the password, password not same as the
— username, etc. The user may enhance this function according to
— the need.
— This function must be created in SYS schema.
— connect sys/<password> as sysdba before running the script

CREATE OR REPLACE FUNCTION verify_function_11G
(username varchar2,
  password varchar2,
  old_password varchar2)
  RETURN boolean IS
  n boolean;
  m integer;
  differ integer;
  isdigit boolean;
  ischar  boolean;
  ispunct boolean;
  db_name varchar2(40);
  digitarray varchar2(20);
  punctarray varchar2(25);
  chararray varchar2(52);
  i_char varchar2(10);
  simple_password varchar2(10);
  reverse_user varchar2(32);

BEGIN
  digitarray:= ‘0123456789’;
  chararray:= ‘abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ’;

  — Check for the minimum length of the password
  IF length(password) < 8 THEN
      raise_application_error(-20001, ‘Password length less than 8’);
  END IF;

  — Check if the password is same as the username or username(1-100)
  IF NLS_LOWER(password) = NLS_LOWER(username) THEN
    raise_application_error(-20002, ‘Password same as or similar to user’);
  END IF;
  FOR i IN 1..100 LOOP
      i_char := to_char(i);
      if NLS_LOWER(username)|| i_char = NLS_LOWER(password) THEN
        raise_application_error(-20005, ‘Password same as or similar to user name ‘);
      END IF;
    END LOOP;

  — Check if the password is same as the username reversed
 
  FOR i in REVERSE 1..length(username) LOOP
    reverse_user := reverse_user || substr(username, i, 1);
  END LOOP;
  IF NLS_LOWER(password) = NLS_LOWER(reverse_user) THEN
    raise_application_error(-20003, ‘Password same as username reversed’);
  END IF;

  — Check if the password is the same as server name and or servername(1-100)
  select name into db_name from sys.v$database;
  if NLS_LOWER(db_name) = NLS_LOWER(password) THEN
      raise_application_error(-20004, ‘Password same as or similar to server name’);
  END IF;
  FOR i IN 1..100 LOOP
      i_char := to_char(i);
      if NLS_LOWER(db_name)|| i_char = NLS_LOWER(password) THEN
        raise_application_error(-20005, ‘Password same as or similar to server name ‘);
      END IF;
    END LOOP;

  — Check if the password is too simple. A dictionary of words may be
  — maintained and a check may be made so as not to allow the words
  — that are too simple for the password.
  IF NLS_LOWER(password) IN (‘welcome1’, ‘database1’, ‘account1’, ‘user1234’, ‘password1’, ‘oracle123’, ‘computer1’, ‘abcdefg1’, ‘change_on_install’) THEN
      raise_application_error(-20006, ‘Password too simple’);
  END IF;

  — Check if the password is the same as oracle (1-100)
    simple_password := ‘oracle’;
    FOR i IN 1..100 LOOP
      i_char := to_char(i);
      if simple_password || i_char = NLS_LOWER(password) THEN
        raise_application_error(-20007, ‘Password too simple ‘);
      END IF;
    END LOOP;

  — Check if the password contains at least one letter, one digit
  — 1. Check for the digit
  isdigit:=FALSE;
  m := length(password);
  FOR i IN 1..10 LOOP
      FOR j IN 1..m LOOP
        IF substr(password,j,1) = substr(digitarray,i,1) THEN
            isdigit:=TRUE;
            GOTO findchar;
        END IF;
      END LOOP;
  END LOOP;

  IF isdigit = FALSE THEN
      raise_application_error(-20008, ‘Password must contain at least one digit, one character’);
  END IF;
  — 2. Check for the character
  <<findchar>>
  ischar:=FALSE;
  FOR i IN 1..length(chararray) LOOP
      FOR j IN 1..m LOOP
        IF substr(password,j,1) = substr(chararray,i,1) THEN
            ischar:=TRUE;
            GOTO endsearch;
        END IF;
      END LOOP;
  END LOOP;
  IF ischar = FALSE THEN
      raise_application_error(-20009, ‘Password must contain at least one \
              digit, and one character’);
  END IF;

  <<endsearch>>
  — Check if the password differs from the previous password by at least
  — 3 letters
  IF old_password IS NOT NULL THEN
    differ := length(old_password) – length(password);

    differ := abs(differ);
    IF differ < 3 THEN
      IF length(password) < length(old_password) THEN
        m := length(password);
      ELSE
        m := length(old_password);
      END IF;

      FOR i IN 1..m LOOP
        IF substr(password,i,1) != substr(old_password,i,1) THEN
          differ := differ + 1;
        END IF;
      END LOOP;

      IF differ < 3 THEN
        raise_application_error(-20011, ‘Password should differ from the \
            old password by at least 3 characters’);
      END IF;
    END IF;
  END IF;
  — Everything is fine; return TRUE ; 
  RETURN(TRUE);
END;
/

— This script alters the default parameters for Password Management
— This means that all the users on the system have Password Management
— enabled and set to the following values unless another profile is
— created with parameter values set to different value or UNLIMITED
— is created and assigned to the user.

ALTER PROFILE DEFAULT LIMIT
PASSWORD_LIFE_TIME 180
PASSWORD_GRACE_TIME 7
PASSWORD_REUSE_TIME UNLIMITED
PASSWORD_REUSE_MAX UNLIMITED
FAILED_LOGIN_ATTEMPTS 10
PASSWORD_LOCK_TIME 1
PASSWORD_VERIFY_FUNCTION verify_function_11G;

 

— Below is the older version of the script

— This script sets the default password resource parameters
— This script needs to be run to enable the password features.
— However the default resource parameters can be changed based
— on the need.
— A default password complexity function is also provided.
— This function makes the minimum complexity checks like
— the minimum length of the password, password not same as the
— username, etc. The user may enhance this function according to
— the need.
— This function must be created in SYS schema.
— connect sys/<password> as sysdba before running the script

CREATE OR REPLACE FUNCTION verify_function
(username varchar2,
  password varchar2,
  old_password varchar2)
  RETURN boolean IS
  n boolean;
  m integer;
  differ integer;
  isdigit boolean;
  ischar  boolean;
  ispunct boolean;
  digitarray varchar2(20);
  punctarray varchar2(25);
  chararray varchar2(52);

BEGIN
  digitarray:= ‘0123456789’;
  chararray:= ‘abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ’;
  punctarray:=’!”#$%&()“*+,-/:;<=>?_’;

  — Check if the password is same as the username
  IF NLS_LOWER(password) = NLS_LOWER(username) THEN
    raise_application_error(-20001, ‘Password same as or similar to user’);
  END IF;

  — Check for the minimum length of the password
  IF length(password) < 4 THEN
      raise_application_error(-20002, ‘Password length less than 4’);
  END IF;

  — Check if the password is too simple. A dictionary of words may be
  — maintained and a check may be made so as not to allow the words
  — that are too simple for the password.
  IF NLS_LOWER(password) IN (‘welcome’, ‘database’, ‘account’, ‘user’, ‘password’, ‘oracle’, ‘computer’, ‘abcd’) THEN
      raise_application_error(-20002, ‘Password too simple’);
  END IF;

  — Check if the password contains at least one letter, one digit and one
  — punctuation mark.
  — 1. Check for the digit
  isdigit:=FALSE;
  m := length(password);
  FOR i IN 1..10 LOOP
      FOR j IN 1..m LOOP
        IF substr(password,j,1) = substr(digitarray,i,1) THEN
            isdigit:=TRUE;
            GOTO findchar;
        END IF;
      END LOOP;
  END LOOP;
  IF isdigit = FALSE THEN
      raise_application_error(-20003, ‘Password should contain at least one digit, one character and one punctuation’);
  END IF;
  — 2. Check for the character
  <<findchar>>
  ischar:=FALSE;
  FOR i IN 1..length(chararray) LOOP
      FOR j IN 1..m LOOP
        IF substr(password,j,1) = substr(chararray,i,1) THEN
            ischar:=TRUE;
            GOTO findpunct;
        END IF;
      END LOOP;
  END LOOP;
  IF ischar = FALSE THEN
      raise_application_error(-20003, ‘Password should contain at least one \
              digit, one character and one punctuation’);
  END IF;
  — 3. Check for the punctuation
  <<findpunct>>
  ispunct:=FALSE;
  FOR i IN 1..length(punctarray) LOOP
      FOR j IN 1..m LOOP
        IF substr(password,j,1) = substr(punctarray,i,1) THEN
            ispunct:=TRUE;
            GOTO endsearch;
        END IF;
      END LOOP;
  END LOOP;
  IF ispunct = FALSE THEN
      raise_application_error(-20003, ‘Password should contain at least one \
              digit, one character and one punctuation’);
  END IF;

  <<endsearch>>
  — Check if the password differs from the previous password by at least
  — 3 letters
  IF old_password IS NOT NULL THEN
    differ := length(old_password) – length(password);

    IF abs(differ) < 3 THEN
      IF length(password) < length(old_password) THEN
        m := length(password);
      ELSE
        m := length(old_password);
      END IF;

      differ := abs(differ);
      FOR i IN 1..m LOOP
        IF substr(password,i,1) != substr(old_password,i,1) THEN
          differ := differ + 1;
        END IF;
      END LOOP;

      IF differ < 3 THEN
        raise_application_error(-20004, ‘Password should differ by at \
        least 3 characters’);
      END IF;
    END IF;
  END IF;
  — Everything is fine; return TRUE ; 
  RETURN(TRUE);
END;
/

— This script alters the default parameters for Password Management
— This means that all the users on the system have Password Management
— enabled and set to the following values unless another profile is
— created with parameter values set to different value or UNLIMITED
— is created and assigned to the user.

— Enable this if you want older version of the Password Profile parameters
— ALTER PROFILE DEFAULT LIMIT
— PASSWORD_LIFE_TIME 60
— PASSWORD_GRACE_TIME 10
— PASSWORD_REUSE_TIME 1800
— PASSWORD_REUSE_MAX UNLIMITED
— FAILED_LOGIN_ATTEMPTS 3
— PASSWORD_LOCK_TIME 1/1440
— PASSWORD_VERIFY_FUNCTION verify_function;

更多 Oracle 相关信息见 Oracle 专题页面 http://www.linuxidc.com/topicnews.aspx?tid=12

本文永久更新链接地址 :http://www.linuxidc.com/Linux/2017-10/147681.htm

正文完
星哥玩云-微信公众号
post-qrcode
 0
星锅
版权声明:本站原创文章,由 星锅 于2022-01-22发表,共计11194字。
转载说明:除特殊说明外本站文章皆由CC-4.0协议发布,转载请注明出处。
【腾讯云】推广者专属福利,新客户无门槛领取总价值高达2860元代金券,每种代金券限量500张,先到先得。
阿里云-最新活动爆款每日限量供应
评论(没有评论)
验证码
【腾讯云】云服务器、云数据库、COS、CDN、短信等云产品特惠热卖中