This example was tested on Oracle 10 on Linux. It shows you how to create a simple password verify function (PVF). First connect as the SYS user because a PVF must be owned by SYS:
SQL> conn / as sysdba
Connected.
SQL> show user
USER is "SYS"
SQL>
Create a profile to use the PVF:
SQL> create profile andrews_profile
2 limit password_life_time 60
3 /
Profile created.
SQL>
Try to give my new profile a PVF called my_verify_function. This fails as it has not been created yet:
SQL> alter profile andrews_profile limit
2 password_verify_function my_verify_function
3 /
alter profile andrews_profile limit
*
ERROR at line 1:
ORA-07443: function MY_VERIFY_FUNCTION not found
SQL>
Create a function with the required name. A PVF must have the parameters shown. It should be obvious what this PVF is supposed to do:
SQL> create or replace function my_verify_function (
2 username varchar2,
3 password varchar2,
4 old_password varchar2)
5 return boolean as
6 begin
7 if length(password) < 4 then
8 return false;
9 else
10 return true;
11 end if;
12 end my_verify_function;
13 /
Function created.
SQL>
Change the new profile to use this PVF:
SQL> alter profile andrews_profile limit
2 password_verify_function my_verify_function
3 /
Profile altered.
SQL>
Create a user and assign it the new profile:
SQL> create user andrew identified by reid1
2 profile andrews_profile
3 /
User created.
SQL>
Change the user’s password. The new value is passed to the PVF and rejected:
SQL> alter user andrew identified by rei
2 /
alter user andrew identified by rei
*
ERROR at line 1:
ORA-28003: password verification for the specified
password failed
ORA-28003: password verification for the specified
password failed
SQL>
The error message was not very helpful so change the PVF accordingly:
SQL> create or replace function my_verify_function (
2 username varchar2,
3 password varchar2,
4 old_password varchar2)
5 return boolean as
6 begin
7 if length(password) < 4 then
8 raise_application_error
9 (-20000, 'Password < 4 characters long');
10 else
11 return true;
12 end if;
13 end my_verify_function;
14 /
Function created.
SQL>
Try to change the password again. This time the reason for rejection is clear:
SQL> alter user andrew identified by rei
2 /
alter user andrew identified by rei
*
ERROR at line 1:
ORA-28003: password verification for the specified
password failed
ORA-20000: Password < 4 characters long
SQL>
Fix the problem and try again:
SQL> alter user andrew identified by reid2
2 /
User altered.
SQL>
No comments:
Post a Comment