在Oracle中可以很方便的自定义密码验证函数,用来检验用户的新密码是否符合安全标准。
下面是一个最简单的自定义验证函数的例子:
SQL> CONN / AS SYSDBA
已连接。
SQL> CREATE OR REPLACE FUNCTION F_MY_VERIFY
2 (P_USERNAME IN VARCHAR2, P_PASSWORD IN VARCHAR2, P_OLD_PASSWORD IN VARCHAR2)
3 RETURN BOOLEAN AS
4 BEGIN
5 IF P_PASSWORD = P_OLD_PASSWORD THEN
6 RAISE_APPLICATION_ERROR(-20001, 'NEW PASSWORD SAME AS OLD PASSWORD.');
7 END IF;
8
9 IF P_PASSWORD = P_USERNAME THEN
10 RAISE_APPLICATION_ERROR(-20002, 'PASSWORD SAME AS USERNAME.');
11 END IF;
12
13 IF INSTR(P_PASSWORD, P_OLD_PASSWORD, 1) > 0 OR INSTR(P_OLD_PASSWORD, P_PASSWORD, 1) > 0 THEN
14 RAISE_APPLICATION_ERROR(-20003, 'NEW PASSWORD AND OLD PASSWORD ARE LIKE EACH OTHER.');
15 END IF;
16
17 IF INSTR(P_PASSWORD, P_USERNAME, 1) > 0 OR INSTR(P_USERNAME, P_PASSWORD, 1) > 0 THEN
18 RAISE_APPLICATION_ERROR(-20004, 'PASSWORD AND USERNAME ARE LIKE EACH OTHER.');
19 END IF;
20
21 IF LENGTH(P_PASSWORD) < 6 THEN
22 RAISE_APPLICATION_ERROR(-20005, 'PASSWORD TOO SHORT.');
23 END IF;
24
25 RETURN TRUE;
26 END;
27 /
函数已创建。
将当前的验证函数设置为DEFAULT策略的验证函数:
SQL> ALTER PROFILE DEFAULT LIMIT PASSWORD_VERIFY_FUNCTION F_MY_VERIFY;
配置文件已更改
最后检验一下验证函数是否正常工作:
SQL> CONN U1/P_U1
已连接。
SQL> ALTER USER U1 IDENTIFIED BY P_U1 REPLACE P_U1;
ALTER USER U1 IDENTIFIED BY P_U1 REPLACE P_U1
*
第 1 行出现错误:
ORA-28007: 无法重新使用口令
SQL> ALTER USER U1 IDENTIFIED BY U1 REPLACE P_U1;
ALTER USER U1 IDENTIFIED BY U1 REPLACE P_U1
*
第 1 行出现错误:
ORA-28003: 指定口令的口令验证失败
ORA-20002: PASSWORD SAME AS USERNAME.
SQL> ALTER USER U1 IDENTIFIED BY P_U123 REPLACE P_U1;
ALTER USER U1 IDENTIFIED BY P_U123 REPLACE P_U1
*
第 1 行出现错误:
ORA-28003: 指定口令的口令验证失败
ORA-20003: NEW PASSWORD AND OLD PASSWORD ARE LIKE EACH OTHER.
SQL> ALTER USER U1 IDENTIFIED BY PASS_U1 REPLACE P_U1;
ALTER USER U1 IDENTIFIED BY PASS_U1 REPLACE P_U1
*
第 1 行出现错误:
ORA-28003: 指定口令的口令验证失败
ORA-20004: PASSWORD AND USERNAME ARE LIKE EACH OTHER.
SQL> ALTER USER U1 IDENTIFIED BY 12345 REPLACE P_U1;
ALTER USER U1 IDENTIFIED BY 12345 REPLACE P_U1
*
第 1 行出现错误:
ORA-00988: 口令缺失或无效
SQL> ALTER USER U1 IDENTIFIED BY "12345" REPLACE P_U1;
ALTER USER U1 IDENTIFIED BY "12345" REPLACE P_U1
*
第 1 行出现错误:
ORA-28003: 指定口令的口令验证失败
ORA-20005: PASSWORD TOO SHORT.
SQL> ALTER USER U1 IDENTIFIED BY NEW_COMPLICATE_PASSWORD REPLACE P_U1;
用户已更改。
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。