DBAsupport.com Forums - Powered by vBulletin
Page 1 of 3 123 LastLast
Results 1 to 10 of 23

Thread: code to check the password at least one upper case letter

  1. #1
    Join Date
    Oct 2000
    Posts
    144

    Unhappy code to check the password at least one upper case letter

    Hi,
    I receive a task to setup so it can check the complexity of the password. I use utlpwdmg.sql to modify to meet the requirement at our site. The script does not check the password to have at least one upper case letter. I googled it and so far it said that oracle does not have the capability of checking the case sensitive until 11g patch. Our site database is 10g. Is there workaround or suggestion of what I can do or look. I truthly appreciate it.

  2. #2
    Join Date
    Oct 2000
    Posts
    144

    Unhappy

    below is the code. I tested it out and it does not raise error that I need at least one upper case letter.

    CREATE OR REPLACE FUNCTION pw_verify_function
    (username varchar2,
    password varchar2,
    old_password varchar2)
    RETURN boolean IS
    n boolean;
    m integer;
    differ integer;
    isdigit boolean;
    ischar boolean;
    ispunct boolean;
    digitarray varchar2(20);
    punctarray varchar2(25);
    chararray varchar2(52);
    upperarray varchar2(26);

    BEGIN
    digitarray:= '0123456789';
    chararray:= 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    punctarray:='!"#$%&()``*+,-/:;<=>?_';
    upperarray:= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';

    m := length(password);
    -- 3. Check for the punctuation
    ispunct:=FALSE;
    FOR i IN 1..length(punctarray) LOOP
    FOR j IN 1..m LOOP
    IF substr(password,j,1) = substr(punctarray,i,1) THEN
    ispunct:=TRUE;
    GOTO findupper;
    END IF;
    END LOOP;
    END LOOP;
    IF ispunct = FALSE THEN
    raise_application_error(-20005, 'Password should contain at least one punctuation');
    END IF;
    -- 4. Check for at least one upper case letter
    <>
    ischar:=FALSE;
    FOR i IN 1..length(upperarray) LOOP
    FOR j IN 1..m LOOP
    IF substr(password,j,1) = substr(upperarray,i,1) THEN
    ischar:=TRUE;
    GOTO endsearch;
    END IF;
    END LOOP;
    END LOOP;
    IF ischar = FALSE THEN
    raise_application_error(-20006, 'Password must contain at least one upper case letter.');
    END IF;
    <>
    -- if everything is fine retrun true.
    RETURN(true);
    END;
    /

  3. #3
    Join Date
    Jan 2001
    Posts
    2,828
    Hi

    Use regular expression for 10g and above
    Use ow_pattern for other versions

    Code:
    declare
    l_regular_expr VARCHAR2(50) := '[A-Z]';
    begin
    IF REGEXP_INSTR('password',l_regular_expr)>0 then
      dbms_output.put_line('It Worked');
    end if;
    end;
     /
    Code:
    declare
    l_regular_expr VARCHAR2(50) := '[A-Z]';
    begin
    IF REGEXP_INSTR('passWord',l_regular_expr)>0 then
      dbms_output.put_line('It Worked');
    end if;
    end;
    /
    http://www.dba-oracle.com/oow_gettin...xpressions.pdf
    Last edited by hrishy; 10-14-2009 at 05:38 AM.

  4. #4
    Join Date
    Jul 2002
    Location
    Lake Worth, FL
    Posts
    1,492

    Cool Why not just use or customize the Oracle supplied sql code?

    Oracle Database provides a sample password verification function in the PL/SQL script UTLPWDMG.SQL (located in ORACLE_BASE/ORACLE_HOME/RDBMS/ADMIN) that, when enabled, checks whether users are correctly creating or modifying their passwords.

    The UTLPWDMG.SQL script checks for the following requirements when users create or modify passwords:

    • The password contains no fewer than eight characters and does not exceed 30 characters.
    • The password is not the same as the user name, nor is it the user name spelled backward or with numeric characters appended.
    • The password is not the same as the server name or the server name with the numbers 1–100 appended.
    • The password is not too simple, for example, welcome1, database1, account1, user1234, password1, oracle, oracle123, computer1, abcdefg1, or change_on_install.
    • The password includes at least 1 numeric and 1 alphabetic character.
    • The password differs from the previous password by at least 3 letters.

    "The person who says it cannot be done should not interrupt the person doing it." --Chinese Proverb

  5. #5
    Join Date
    Oct 2000
    Posts
    144
    Hi LkBrwn,
    I used the utlpwd.sql file and modified the way that it fit with my worksite requirement. I wish that the requirement match with what in the sql file. It requires to have at least one upper and one lower case letter. Some of the code I found on google did not work.

    Hi Hrishy,
    I will try out your code.

    Thanks,

  6. #6
    Join Date
    Oct 2000
    Posts
    144
    Hi Hrishy,
    I modified the code and recreated the function. I testd it out and it gave me the result no matter if I have the upper case or not. I changed the following:

    1.) from regular_expr:= '[ABCDEFGHIJKLMNOPQRSTUVWXYZ]';
    to regular_expr:= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    comment: the result is the same message

    2.) from regular_expr:= '[ABCDEFGHIJKLMNOPQRSTUVWXYZ]';
    to regular_expr:= '[A-Z]';
    comment: the reulst is the same message


    =======

    CREATE OR REPLACE FUNCTION pw_verify_function
    (username varchar2,
    password varchar2,
    old_password varchar2)
    RETURN boolean IS
    n boolean;
    m integer;
    differ integer;
    isdigit boolean;
    ischar boolean;
    ispunct boolean;
    isupper boolean;
    digitarray varchar2(20);
    punctarray varchar2(25);
    chararray varchar2(52);
    regular_expr varchar2(50);

    BEGIN
    digitarray:= '0123456789';
    chararray:= 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    punctarray:='!"#$%&()``*+,-/:;<=>?_';
    regular_expr:= '[ABCDEFGHIJKLMNOPQRSTUVWXYZ]';
    m := length(password);

    if regexp_instr('password',regular_expr) < 1 THEN
    raise_application_error(-20006, 'Password must contain at least one upper case letter.');
    end if;

    -- if everything is fine retrun true.
    RETURN(true);
    END;
    /

    ====

    result:
    SQL> alter user minnie identified by minnie_4444444444;
    alter user trina identified by trina_4444444444
    *
    ERROR at line 1:
    ORA-28003: password verification for the specified password failed
    ORA-20006: Password must contain at least one upper case letter.


    SQL> alter user minnie identified by minnie_4444444444A;
    alter user trina identified by trina_4444444444A
    *
    ERROR at line 1:
    ORA-28003: password verification for the specified password failed
    ORA-20006: Password must contain at least one upper case letter.

  7. #7
    Join Date
    Oct 2000
    Posts
    144
    correction: the result is:

    result:
    SQL> alter user trina identified by trina_4444444444;
    alter user trina identified by trina_4444444444
    *
    ERROR at line 1:
    ORA-28003: password verification for the specified password failed
    ORA-20006: Password must contain at least one upper case letter.


    SQL> alter user trina identified by trina_4444444444A;
    alter user trina identified by trina_4444444444A
    *
    ERROR at line 1:
    ORA-28003: password verification for the specified password failed
    ORA-20006: Password must contain at least one upper case letter.

  8. #8
    Join Date
    Mar 2007
    Location
    Ft. Lauderdale, FL
    Posts
    3,555
    Try:
    if regexp_instr(password,regular_expr)
    Instead of:
    if regexp_instr('password',regular_expr)

    Also, take into consideration regexp_instr doesn't count how many "password" characters are in "regular_exp" but returns the position of the first "password" character that matches any "regular_expr" character so, for a password like AmyPaSsWord it would return "1"
    Pablo (Paul) Berzukov

    Author of Understanding Database Administration available at amazon and other bookstores.

    Disclaimer: Advice is provided to the best of my knowledge but no implicit or explicit warranties are provided. Since the advisor explicitly encourages testing any and all suggestions on a test non-production environment advisor should not held liable or responsible for any actions taken based on the given advice.

  9. #9
    Join Date
    Jan 2001
    Posts
    2,828
    Hi

    I would change

    Code:
    regular_expr:= '[ABCDEFGHIJKLMNOPQRSTUVWXYZ]';
    to
    regular_expr:= '[A-Z]';
    Code:
    and
    if regexp_instr('password',regular_expr) < 1
    to
    IF REGEXP_INSTR(password,regular_expr)>0
    you should understand whats going on in that regex your code failed because instead of comparing variable value in if condition both the times you compared literal strings

    regards
    Hrishy

  10. #10
    Join Date
    Oct 2000
    Posts
    144
    Hi PAVB,
    I put in the the single quote around the password (maroon font below), ran teh function again, then tested out. The outcome no matter what I put in all lower case or one upper case, it error me out. The error below.

    Hi Hrishy,
    I will try your way to see if it work.


    Hi PAVB and Hrishy,
    I truthly to thank you so much for making effort and providing me recommendation of the code to test out.

    ==============
    SQL> CREATE OR REPLACE FUNCTION trina_verify_function
    2 (username varchar2,
    3 password varchar2,
    4 old_password varchar2)
    5 RETURN boolean IS
    6 n boolean;
    7 m integer;
    8 differ integer;
    9 isdigit boolean;
    10 ischar boolean;
    11 ispunct boolean;
    12 isupper boolean;
    13 digitarray varchar2(20);
    14 punctarray varchar2(25);
    15 chararray varchar2(52);
    16 regular_expr varchar2(50);
    17
    18 BEGIN
    19 digitarray:= '0123456789';
    20 chararray:= 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    21 punctarray:='!"#$%&()``*+,-/:;<=>?_';
    22 regular_expr:= '[ABCDEFGHIJKLMNOPQRSTUVWXYZ]';
    23 m := length(password);
    24
    25 if regexp_instr('password',regular_expr) < 1 THEN 26 raise_application_error(-20006, 'Password must contain at least one upper case letter.');
    27 end if;
    28
    29 -- if everything is fine retrun true.
    30 RETURN(true);
    31 END;
    32 /

    Function created.

    SQL>
    SQL> alter user trina identified by trina_55555555555;
    alter user trina identified by trina_55555555555
    *
    ERROR at line 1:
    ORA-28003: password verification for the specified password failed
    ORA-20006: Password must contain at least one upper case letter.


    SQL> alter user trina identified by trina_A5555555555;
    alter user trina identified by trina_A5555555555
    *
    ERROR at line 1:
    ORA-28003: password verification for the specified password failed
    ORA-20006: Password must contain at least one upper case letter.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


Click Here to Expand Forum to Full Width