|
-
I have created a table that has a password column e.g.
Create table emp(
username char(8) NOT NULL,
user_id char(6) NOT NULL,
password char (6) NOT NULL
This table will be used as a log on screen(to grant access to users through a web browser).
I have been asked to encrypt the password column.I know that there is a package in oracle 8i(8.1.6) release 2 but I can't use it because I am running oracle 8i (8.1.5).
So I read the below documentation but I don't know if this documentation can help me do what I want to do or not:
Password Verification Routine Formatting Guidelines
DBAs can enhance the existing password verification complexity routine or create their own password verification routines using PL/SQL or third-party tools.
The DBA-authored PL/SQL call must adhere to the following format:
routine_name (
userid_parameter IN VARCHAR(30),
password_parameter IN VARCHAR (30),
old_password_parameter IN VARCHAR (30)
)
RETURN BOOLEAN
After a new routine is created, it must be assigned as the password verification routine using the user's profile or the system default profile.
CREATE/ALTER PROFILE profile_name LIMIT
PASSWORD_VERIFY_FUNCTION routine_name
The password verify routine must be owned by SYS.
Password Verification Routine: Sample Script
The following sample script sets default password resource limits and provides minimum checking of password complexity. You can use this sample script as a model when developing your own complexity checks for a new password.
This script sets the default password resource parameters, and must be run to enable the password features. However, you can change the default resource parameters if necessary.
The default password complexity function performs the following minimum complexity checks:
The password satisfies minimum length requirements.
The password is not the username. You can modify this function based on your requirements.
This function must be created in SYS schema, and you must connect sys/<password> as sysdba before running the script.
CREATE OR REPLACE FUNCTION verify_function
(username varchar2,
password varchar2,
old_password varchar2)
RETURN boolean IS
n boolean;
m integer;
differ integer;
isdigit boolean;
ischar boolean;
ispunct boolean;
digitarray varchar2(20);
punctarray varchar2(25);
chararray varchar2(52);
BEGIN
digitarray:= '0123456789';
chararray:= 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
punctarray:='!"#$%&()''*+,-/:;<=>?_';
--Check if the password is same as the username
IF password = username THEN
raise_application_error(-20001, 'Password same as user');
END IF;
--Check for the minimum length of the password
IF length(password) < 4 THEN
raise_application_error(-20002, 'Password length less than 4');
END IF;
--Check if the password is too simple. A dictionary of words may be
--maintained and a check may be made so as not to allow the words
--that are too simple for the password.
IF NLS_LOWER(password) IN ('welcome', 'database', 'account', 'user', 'password', 'oracle',
'computer', 'abcd') THEN raise_application_error(-20002, 'Password too simple');
END IF;
--Check if the password contains at least one letter, one digit and one
--punctuation mark.
--1. Check for the digit
--You may delete 1. and replace with 2. or 3.
isdigit:=FALSE;
m := length(password);
FOR i IN 1..10 LOOP
FOR j IN 1..m LOOP
IF substr(password,j,1) = substr(digitarray,i,1) THEN
isdigit:=TRUE;
GOTO findchar;
END IF;
END LOOP;
END LOOP;
IF isdigit = FALSE THEN
raise_application_error(-20003, 'Password should contain at least one
digit, one character and one punctuation');
END IF;
--2. Check for the character
<<findchar>>
ischar:=FALSE;
FOR i IN 1..length(chararray) LOOP
FOR j IN 1..m LOOP
IF substr(password,j,1) = substr(chararray,i,1) THEN
ischar:=TRUE;
GOTO findpunct;
END IF;
END LOOP;
END LOOP;
IF ischar = FALSE THEN
raise_application_error(-20003, 'Password should contain at least one digit, one
character and one punctuation');
END IF;
--3. Check for the punctuation
<<findpunct>>
ispunct:=FALSE;
FOR i IN 1..length(punctarray) LOOP
FOR j IN 1..m LOOP
IF substr(password,j,1) = substr(punctarray,i,1) THEN
ispunct:=TRUE;
GOTO endsearch;
END IF;
END LOOP;
END LOOP;
IF ispunct = FALSE THEN raise_application_error(-20003, 'Password should contain at least
one \ digit, one character and one punctuation');
END IF;
<<endsearch>>
--Check if the password differs from the previous password by at least 3 letters
IF old_password = '' THEN
raise_application_error(-20004, 'Old password is null');
END IF;
--Everything is fine; return TRUE ;
differ := length(old_password) - length(password);
IF abs(differ) < 3 THEN
IF length(password) < length(old_password) THEN
m := length(password);
ELSE
m:= length(old_password);
END IF;
differ := abs(differ);
FOR i IN 1..m LOOP
IF substr(password,i,1) != substr(old_password,i,1) THEN
differ := differ + 1;
END IF;
END LOOP;
IF differ < 3 THEN
raise_application_error(-20004, 'Password should differ by at
least 3 characters');
END IF;
END IF;
--Everything is fine; return TRUE ;
RETURN(TRUE);
END;
Can any body please tell me if this documentation can help and if so how?
I will appreciate it if you could give me specific instructions.
Thanks,
dorothy
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote