-
code to check the password at least one upper case letter
Hi,
I receive a task to setup so it can check the complexity of the password. I use utlpwdmg.sql to modify to meet the requirement at our site. The script does not check the password to have at least one upper case letter. I googled it and so far it said that oracle does not have the capability of checking the case sensitive until 11g patch. Our site database is 10g. Is there workaround or suggestion of what I can do or look. I truthly appreciate it.
-
below is the code. I tested it out and it does not raise error that I need at least one upper case letter.
CREATE OR REPLACE FUNCTION pw_verify_function
(username varchar2,
password varchar2,
old_password varchar2)
RETURN boolean IS
n boolean;
m integer;
differ integer;
isdigit boolean;
ischar boolean;
ispunct boolean;
digitarray varchar2(20);
punctarray varchar2(25);
chararray varchar2(52);
upperarray varchar2(26);
BEGIN
digitarray:= '0123456789';
chararray:= 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
punctarray:='!"#$%&()``*+,-/:;<=>?_';
upperarray:= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
m := length(password);
-- 3. Check for the punctuation
ispunct:=FALSE;
FOR i IN 1..length(punctarray) LOOP
FOR j IN 1..m LOOP
IF substr(password,j,1) = substr(punctarray,i,1) THEN
ispunct:=TRUE;
GOTO findupper;
END IF;
END LOOP;
END LOOP;
IF ispunct = FALSE THEN
raise_application_error(-20005, 'Password should contain at least one punctuation');
END IF;
-- 4. Check for at least one upper case letter
<>
ischar:=FALSE;
FOR i IN 1..length(upperarray) LOOP
FOR j IN 1..m LOOP
IF substr(password,j,1) = substr(upperarray,i,1) THEN
ischar:=TRUE;
GOTO endsearch;
END IF;
END LOOP;
END LOOP;
IF ischar = FALSE THEN
raise_application_error(-20006, 'Password must contain at least one upper case letter.');
END IF;
<>
-- if everything is fine retrun true.
RETURN(true);
END;
/
-
Hi
Use regular expression for 10g and above
Use ow_pattern for other versions
Code:
declare
l_regular_expr VARCHAR2(50) := '[A-Z]';
begin
IF REGEXP_INSTR('password',l_regular_expr)>0 then
dbms_output.put_line('It Worked');
end if;
end;
/
Code:
declare
l_regular_expr VARCHAR2(50) := '[A-Z]';
begin
IF REGEXP_INSTR('passWord',l_regular_expr)>0 then
dbms_output.put_line('It Worked');
end if;
end;
/
http://www.dba-oracle.com/oow_gettin...xpressions.pdf
Last edited by hrishy; 10-14-2009 at 05:38 AM.
-
Why not just use or customize the Oracle supplied sql code?
Oracle Database provides a sample password verification function in the PL/SQL script UTLPWDMG.SQL (located in ORACLE_BASE/ORACLE_HOME/RDBMS/ADMIN) that, when enabled, checks whether users are correctly creating or modifying their passwords.
The UTLPWDMG.SQL script checks for the following requirements when users create or modify passwords:
- The password contains no fewer than eight characters and does not exceed 30 characters.
- The password is not the same as the user name, nor is it the user name spelled backward or with numeric characters appended.
- The password is not the same as the server name or the server name with the numbers 1–100 appended.
- The password is not too simple, for example, welcome1, database1, account1, user1234, password1, oracle, oracle123, computer1, abcdefg1, or change_on_install.
- The password includes at least 1 numeric and 1 alphabetic character.
- The password differs from the previous password by at least 3 letters.
"The person who says it cannot be done should not interrupt the person doing it." --Chinese Proverb
-
Hi LkBrwn,
I used the utlpwd.sql file and modified the way that it fit with my worksite requirement. I wish that the requirement match with what in the sql file. It requires to have at least one upper and one lower case letter. Some of the code I found on google did not work.
Hi Hrishy,
I will try out your code.
Thanks,
-
Hi Hrishy,
I modified the code and recreated the function. I testd it out and it gave me the result no matter if I have the upper case or not. I changed the following:
1.) from regular_expr:= '[ABCDEFGHIJKLMNOPQRSTUVWXYZ]';
to regular_expr:= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
comment: the result is the same message
2.) from regular_expr:= '[ABCDEFGHIJKLMNOPQRSTUVWXYZ]';
to regular_expr:= '[A-Z]';
comment: the reulst is the same message
=======
CREATE OR REPLACE FUNCTION pw_verify_function
(username varchar2,
password varchar2,
old_password varchar2)
RETURN boolean IS
n boolean;
m integer;
differ integer;
isdigit boolean;
ischar boolean;
ispunct boolean;
isupper boolean;
digitarray varchar2(20);
punctarray varchar2(25);
chararray varchar2(52);
regular_expr varchar2(50);
BEGIN
digitarray:= '0123456789';
chararray:= 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
punctarray:='!"#$%&()``*+,-/:;<=>?_';
regular_expr:= '[ABCDEFGHIJKLMNOPQRSTUVWXYZ]';
m := length(password);
if regexp_instr('password',regular_expr) < 1 THEN
raise_application_error(-20006, 'Password must contain at least one upper case letter.');
end if;
-- if everything is fine retrun true.
RETURN(true);
END;
/
====
result:
SQL> alter user minnie identified by minnie_4444444444;
alter user trina identified by trina_4444444444
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20006: Password must contain at least one upper case letter.
SQL> alter user minnie identified by minnie_4444444444A;
alter user trina identified by trina_4444444444A
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20006: Password must contain at least one upper case letter.
-
correction: the result is:
result:
SQL> alter user trina identified by trina_4444444444;
alter user trina identified by trina_4444444444
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20006: Password must contain at least one upper case letter.
SQL> alter user trina identified by trina_4444444444A;
alter user trina identified by trina_4444444444A
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20006: Password must contain at least one upper case letter.
-
Try:
if regexp_instr(password,regular_expr)
Instead of:
if regexp_instr('password',regular_expr)
Also, take into consideration regexp_instr doesn't count how many "password" characters are in "regular_exp" but returns the position of the first "password" character that matches any "regular_expr" character so, for a password like AmyPaSsWord it would return "1"
Pablo (Paul) Berzukov
Author of Understanding Database Administration available at amazon and other bookstores.
Disclaimer: Advice is provided to the best of my knowledge but no implicit or explicit warranties are provided. Since the advisor explicitly encourages testing any and all suggestions on a test non-production environment advisor should not held liable or responsible for any actions taken based on the given advice.
-
Hi
I would change
Code:
regular_expr:= '[ABCDEFGHIJKLMNOPQRSTUVWXYZ]';
to
regular_expr:= '[A-Z]';
Code:
and
if regexp_instr('password',regular_expr) < 1
to
IF REGEXP_INSTR(password,regular_expr)>0
you should understand whats going on in that regex your code failed because instead of comparing variable value in if condition both the times you compared literal strings
regards
Hrishy
-
Hi PAVB,
I put in the the single quote around the password (maroon font below), ran teh function again, then tested out. The outcome no matter what I put in all lower case or one upper case, it error me out. The error below.
Hi Hrishy,
I will try your way to see if it work.
Hi PAVB and Hrishy,
I truthly to thank you so much for making effort and providing me recommendation of the code to test out.
==============
SQL> CREATE OR REPLACE FUNCTION trina_verify_function
2 (username varchar2,
3 password varchar2,
4 old_password varchar2)
5 RETURN boolean IS
6 n boolean;
7 m integer;
8 differ integer;
9 isdigit boolean;
10 ischar boolean;
11 ispunct boolean;
12 isupper boolean;
13 digitarray varchar2(20);
14 punctarray varchar2(25);
15 chararray varchar2(52);
16 regular_expr varchar2(50);
17
18 BEGIN
19 digitarray:= '0123456789';
20 chararray:= 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
21 punctarray:='!"#$%&()``*+,-/:;<=>?_';
22 regular_expr:= '[ABCDEFGHIJKLMNOPQRSTUVWXYZ]';
23 m := length(password);
24
25 if regexp_instr('password',regular_expr) < 1 THEN 26 raise_application_error(-20006, 'Password must contain at least one upper case letter.');
27 end if;
28
29 -- if everything is fine retrun true.
30 RETURN(true);
31 END;
32 /
Function created.
SQL>
SQL> alter user trina identified by trina_55555555555;
alter user trina identified by trina_55555555555
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20006: Password must contain at least one upper case letter.
SQL> alter user trina identified by trina_A5555555555;
alter user trina identified by trina_A5555555555
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20006: Password must contain at least one upper case letter.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|