• Oracle11g R2创建PASSWORD_VERIFY_FUNCTION相应password复杂度验证函数步骤


    Oracle11g R2创建PASSWORD_VERIFY_FUNCTION相应密码复杂度验证函数步骤

    运行測试环境:数据库服务器Oracle Linux 5.8 + Oracle 11g R2数据库

    相关工具:PL/SQL软件(连接Linux下的Oracle数据库),SecureCRT软件(远程连接Linux服务器)

    具体步骤:

    1、连接上Linux数据库服务器,切换到Oracle数据库用户桌面。打开终端,进入到环境变量$ORACLE_HOME文件夹

    Last login: Fri Dec 11 13:26:18 2015 from 192.168.1.100
    [root@Linux主机名 ~]# su - oracle
    [oracle@Linux主机名 dbhome_1]$ cd $ORACLE_HOME/rdbms/admin
    [oracle@Linux主机名 admin]$

    2、查看Oracle11g数据库提供的默认密码复杂度函数脚本(Oracle安装文件夹下的/rdbms/admin/utlpwdmg.sql文件)

    [oracle@Linux主机名 admin]$ cat $ORACLE_HOME/rdbms/admin/utlpwdmg.sql

    脚本具体内容详见文章末尾

    3、登录Oracle数据库并运行Oracle11g数据库提供的默认密码复杂度函数脚本

    [oracle@Linux主机名 admin]$ sqlplus /nolog

    SQL*Plus: Release 11.2.0.1.0 Production on Fri Dec 11 13:33:58 2015

    Copyright (c) 1982, 2009, Oracle.  All rights reserved.

    SQL> conn /as sysdba
    Connected.
    SQL> @?/rdbms/admin/utlpwdmg.sql

    Function created.


    Profile altered.


    Function created.

    SQL>

    4、在PL/SQL中创建用户的资源文件,运行以下语句

    CREATE PROFILE 资源文件名称 LIMIT 
      SESSIONS_PER_USER UNLIMITED 
      CPU_PER_SESSION UNLIMITED 
      CPU_PER_CALL UNLIMITED 
      CONNECT_TIME UNLIMITED 
      IDLE_TIME 600  --10小时连续不活动的话系统自己主动断开连接
      LOGICAL_READS_PER_SESSION UNLIMITED 
      LOGICAL_READS_PER_CALL UNLIMITED 
      COMPOSITE_LIMIT UNLIMITED 
      PRIVATE_SGA UNLIMITED 
      FAILED_LOGIN_ATTEMPTS 10  --指定锁定用户的登录失败次数为10次,超过10次则系统被自己主动锁定
      PASSWORD_LIFE_TIME 180  --指定用户同一密码锁同意使用的天数为180天
      PASSWORD_REUSE_TIME UNLIMITED 
      PASSWORD_REUSE_MAX UNLIMITED 
      PASSWORD_LOCK_TIME 1  --指定用户被锁定天数为1天
      PASSWORD_GRACE_TIME 10 --数据库发出警告到登录失效前的宽限天数 
      PASSWORD_VERIFY_FUNCTION verify_function_11G
     
    5、測试更新用户密码

    --创建用户并使用自己定义的配置文件
    create user 用户名 identified by 密码 default tablespace 默认表空间名 temporary tablespace 暂时表空间名 profile 资源文件名称;

    --用户授权
    grant connect,resource,exp_full_database,imp_full_database to 用户名;

    --更新用户密码为简单的字符串
    alter user 用户名 identified by 123456;

    --更新用户密码为复杂的字符串
    alter user 用户名 identified by Csdn_20151211;

    6、结论:发现简单密码无法更新,复杂的密码更新成功。


    附:$ORACLE_HOME/rdbms/admin/utlpwdmg.sql脚本源文件内容

    Rem
    Rem $Header: utlpwdmg.sql 02-aug-2006.08:18:05 asurpur Exp $
    Rem
    Rem utlpwdmg.sql
    Rem
    Rem Copyright (c) 2006, Oracle. All rights reserved. 
    Rem
    Rem    NAME
    Rem      utlpwdmg.sql - script for Default Password Resource Limits
    Rem
    Rem    DESCRIPTION
    Rem      This is a script for enabling the password management features
    Rem      by setting the default password resource limits.
    Rem
    Rem    NOTES
    Rem      This file contains a function for minimum checking of password
    Rem      complexity. This is more of a sample function that the customer
    Rem      can use to develop the function for actual complexity checks that the
    Rem      customer wants to make on the new password.
    Rem
    Rem    MODIFIED   (MM/DD/YY)
    Rem    asurpur     05/30/06 - fix - 5246666 beef up password complexity check
    Rem    nireland    08/31/00 - Improve check for username=password. #1390553
    Rem    nireland    06/28/00 - Fix null old password test. #1341892
    Rem    asurpur     04/17/97 - Fix for bug479763
    Rem    asurpur     12/12/96 - Changing the name of password_verify_function
    Rem    asurpur     05/30/96 - New script for default password management
    Rem    asurpur     05/30/96 - Created
    Rem


    -- This script sets the default password resource parameters
    -- This script needs to be run to enable the password features.
    -- However the default resource parameters can be changed based
    -- on the need.
    -- A default password complexity function is also provided.
    -- This function makes the minimum complexity checks like
    -- the minimum length of the password, password not same as the
    -- username, etc. The user may enhance this function according to
    -- the need.
    -- This function must be created in SYS schema.
    -- connect sys/<password> as sysdba before running the script

    CREATE OR REPLACE FUNCTION verify_function_11G
    (username varchar2,
      password varchar2,
      old_password varchar2)
      RETURN boolean IS
       n boolean;
       m integer;
       differ integer;
       isdigit boolean;
       ischar  boolean;
       ispunct boolean;
       db_name varchar2(40);
       digitarray varchar2(20);
       punctarray varchar2(25);
       chararray varchar2(52);
       i_char varchar2(10);
       simple_password varchar2(10);
       reverse_user varchar2(32);

    BEGIN
       digitarray:= '0123456789';
       chararray:= 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';

       -- Check for the minimum length of the password
       IF length(password) < 8 THEN
          raise_application_error(-20001, 'Password length less than 8');
       END IF;


       -- Check if the password is same as the username or username(1-100)
       IF NLS_LOWER(password) = NLS_LOWER(username) THEN
         raise_application_error(-20002, 'Password same as or similar to user');
       END IF;
       FOR i IN 1..100 LOOP
          i_char := to_char(i);
          if NLS_LOWER(username)|| i_char = NLS_LOWER(password) THEN
            raise_application_error(-20005, 'Password same as or similar to user name ');
          END IF;
        END LOOP;

       -- Check if the password is same as the username reversed
      
       FOR i in REVERSE 1..length(username) LOOP
         reverse_user := reverse_user || substr(username, i, 1);
       END LOOP;
       IF NLS_LOWER(password) = NLS_LOWER(reverse_user) THEN
         raise_application_error(-20003, 'Password same as username reversed');
       END IF;

       -- Check if the password is the same as server name and or servername(1-100)
       select name into db_name from sys.v$database;
       if NLS_LOWER(db_name) = NLS_LOWER(password) THEN
          raise_application_error(-20004, 'Password same as or similar to server name');
       END IF;
       FOR i IN 1..100 LOOP
          i_char := to_char(i);
          if NLS_LOWER(db_name)|| i_char = NLS_LOWER(password) THEN
            raise_application_error(-20005, 'Password same as or similar to server name ');
          END IF;
        END LOOP;

       -- Check if the password is too simple. A dictionary of words may be
       -- maintained and a check may be made so as not to allow the words
       -- that are too simple for the password.
       IF NLS_LOWER(password) IN ('welcome1', 'database1', 'account1', 'user1234', 'password1', 'oracle123', 'computer1', 'abcdefg1', 'change_on_install') THEN
          raise_application_error(-20006, 'Password too simple');
       END IF;

       -- Check if the password is the same as oracle (1-100)
        simple_password := 'oracle';
        FOR i IN 1..100 LOOP
          i_char := to_char(i);
          if simple_password || i_char = NLS_LOWER(password) THEN
            raise_application_error(-20007, 'Password too simple ');
          END IF;
        END LOOP;

       -- Check if the password contains at least one letter, one digit
       -- 1. Check for the digit
       isdigit:=FALSE;
       m := length(password);
       FOR i IN 1..10 LOOP
          FOR j IN 1..m LOOP
             IF substr(password,j,1) = substr(digitarray,i,1) THEN
                isdigit:=TRUE;
                 GOTO findchar;
             END IF;
          END LOOP;
       END LOOP;

       IF isdigit = FALSE THEN
          raise_application_error(-20008, 'Password must contain at least one digit, one character');
       END IF;
       -- 2. Check for the character
       <<findchar>>
       ischar:=FALSE;
       FOR i IN 1..length(chararray) LOOP
          FOR j IN 1..m LOOP
             IF substr(password,j,1) = substr(chararray,i,1) THEN
                ischar:=TRUE;
                 GOTO endsearch;
             END IF;
          END LOOP;
       END LOOP;
       IF ischar = FALSE THEN
          raise_application_error(-20009, 'Password must contain at least one
                  digit, and one character');
       END IF;


       <<endsearch>>
       -- Check if the password differs from the previous password by at least
       -- 3 letters
       IF old_password IS NOT NULL THEN
         differ := length(old_password) - length(password);

         differ := abs(differ);
         IF differ < 3 THEN
           IF length(password) < length(old_password) THEN
             m := length(password);
           ELSE
             m := length(old_password);
           END IF;

           FOR i IN 1..m LOOP
             IF substr(password,i,1) != substr(old_password,i,1) THEN
               differ := differ + 1;
             END IF;
           END LOOP;

           IF differ < 3 THEN
             raise_application_error(-20011, 'Password should differ from the
                old password by at least 3 characters');
           END IF;
         END IF;
       END IF;
       -- Everything is fine; return TRUE ;  
       RETURN(TRUE);
    END;
    /

    -- This script alters the default parameters for Password Management
    -- This means that all the users on the system have Password Management
    -- enabled and set to the following values unless another profile is
    -- created with parameter values set to different value or UNLIMITED
    -- is created and assigned to the user.

    ALTER PROFILE DEFAULT LIMIT
    PASSWORD_LIFE_TIME 180
    PASSWORD_GRACE_TIME 7
    PASSWORD_REUSE_TIME UNLIMITED
    PASSWORD_REUSE_MAX UNLIMITED
    FAILED_LOGIN_ATTEMPTS 10
    PASSWORD_LOCK_TIME 1
    PASSWORD_VERIFY_FUNCTION verify_function_11G;

    -- Below is the older version of the script

    -- This script sets the default password resource parameters
    -- This script needs to be run to enable the password features.
    -- However the default resource parameters can be changed based
    -- on the need.
    -- A default password complexity function is also provided.
    -- This function makes the minimum complexity checks like
    -- the minimum length of the password, password not same as the
    -- username, etc. The user may enhance this function according to
    -- the need.
    -- This function must be created in SYS schema.
    -- connect sys/<password> as sysdba before running the script

    CREATE OR REPLACE FUNCTION verify_function
    (username varchar2,
      password varchar2,
      old_password varchar2)
      RETURN boolean IS
       n boolean;
       m integer;
       differ integer;
       isdigit boolean;
       ischar  boolean;
       ispunct boolean;
       digitarray varchar2(20);
       punctarray varchar2(25);
       chararray varchar2(52);

    BEGIN
       digitarray:= '0123456789';
       chararray:= 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
       punctarray:='!"#$%&()``*+,-/:;<=>?_';

       -- Check if the password is same as the username
       IF NLS_LOWER(password) = NLS_LOWER(username) THEN
         raise_application_error(-20001, 'Password same as or similar to user');
       END IF;

       -- Check for the minimum length of the password
       IF length(password) < 4 THEN
          raise_application_error(-20002, 'Password length less than 4');
       END IF;

       -- Check if the password is too simple. A dictionary of words may be
       -- maintained and a check may be made so as not to allow the words
       -- that are too simple for the password.
       IF NLS_LOWER(password) IN ('welcome', 'database', 'account', 'user', 'password', 'oracle', 'computer', 'abcd') THEN
          raise_application_error(-20002, 'Password too simple');
       END IF;

       -- Check if the password contains at least one letter, one digit and one
       -- punctuation mark.
       -- 1. Check for the digit
       isdigit:=FALSE;
       m := length(password);
       FOR i IN 1..10 LOOP
          FOR j IN 1..m LOOP
             IF substr(password,j,1) = substr(digitarray,i,1) THEN
                isdigit:=TRUE;
                 GOTO findchar;
             END IF;
          END LOOP;
       END LOOP;
       IF isdigit = FALSE THEN
          raise_application_error(-20003, 'Password should contain at least one digit, one character and one punctuation');
       END IF;
       -- 2. Check for the character
       <<findchar>>
       ischar:=FALSE;
       FOR i IN 1..length(chararray) LOOP
          FOR j IN 1..m LOOP
             IF substr(password,j,1) = substr(chararray,i,1) THEN
                ischar:=TRUE;
                 GOTO findpunct;
             END IF;
          END LOOP;
       END LOOP;
       IF ischar = FALSE THEN
          raise_application_error(-20003, 'Password should contain at least one
                  digit, one character and one punctuation');
       END IF;
       -- 3. Check for the punctuation
       <<findpunct>>
       ispunct:=FALSE;
       FOR i IN 1..length(punctarray) LOOP
          FOR j IN 1..m LOOP
             IF substr(password,j,1) = substr(punctarray,i,1) THEN
                ispunct:=TRUE;
                 GOTO endsearch;
             END IF;
          END LOOP;
       END LOOP;
       IF ispunct = FALSE THEN
          raise_application_error(-20003, 'Password should contain at least one
                  digit, one character and one punctuation');
       END IF;

       <<endsearch>>
       -- Check if the password differs from the previous password by at least
       -- 3 letters
       IF old_password IS NOT NULL THEN
         differ := length(old_password) - length(password);

         IF abs(differ) < 3 THEN
           IF length(password) < length(old_password) THEN
             m := length(password);
           ELSE
             m := length(old_password);
           END IF;

           differ := abs(differ);
           FOR i IN 1..m LOOP
             IF substr(password,i,1) != substr(old_password,i,1) THEN
               differ := differ + 1;
             END IF;
           END LOOP;

           IF differ < 3 THEN
             raise_application_error(-20004, 'Password should differ by at
             least 3 characters');
           END IF;
         END IF;
       END IF;
       -- Everything is fine; return TRUE ;  
       RETURN(TRUE);
    END;
    /

    -- This script alters the default parameters for Password Management
    -- This means that all the users on the system have Password Management
    -- enabled and set to the following values unless another profile is
    -- created with parameter values set to different value or UNLIMITED
    -- is created and assigned to the user.

    -- Enable this if you want older version of the Password Profile parameters
    -- ALTER PROFILE DEFAULT LIMIT
    -- PASSWORD_LIFE_TIME 60
    -- PASSWORD_GRACE_TIME 10
    -- PASSWORD_REUSE_TIME 1800
    -- PASSWORD_REUSE_MAX UNLIMITED
    -- FAILED_LOGIN_ATTEMPTS 3
    -- PASSWORD_LOCK_TIME 1/1440
    -- PASSWORD_VERIFY_FUNCTION verify_function;

  • 相关阅读:
    0302 随想
    1231递归下降语法分析程序设计
    《构建之法》1、2、3章读后感
    复利计算总结
    操作系统实验0
    学习进度条
    0302思考并回答一些问题
    评论
    c语言文法
    词法分析
  • 原文地址:https://www.cnblogs.com/cynchanpin/p/6999593.html
Copyright © 2020-2023  润新知