RE: Password verification function
- To: <oracle-l@xxxxxxxxxxxxx>
- Date: Wed, 10 May 2006 15:24:35 -0400
One further data point. I took the Oracle-supplied code and stripped
out everything except the part which checks that the password is not the
same as the userid. If I log in as a regular user, and try to change
the password I get ORA-28003 regardless of what I enter. If I connect
as system and try to change the password to equal the username, I get
ORA-28003 followed by the expected error code and message from
raise_application_error.
Is this a privilege problem that I am dealing with?
Here is my code:
------------------------------------------------------------------------
------------
create or replace function dummy_pw_verify
(username varchar2,
password varchar2,
old_password varchar2)
return boolean is
BEGIN
if nls_lower(password) = nls_lower(username) then
raise_application_error(-20001, 'Password same as
username');
end if;
return(true);
end;
------------------------------------------------------------------------
-------------
Thanks,
Peter Schauss
-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Schauss, Peter
Sent: Wednesday, May 10, 2006 2:24 PM
To: oracle-l@xxxxxxxxxxxxx
Subject: Password verification function
I am trying to implement some simple password complexity rules by adding
a password verification function to the default profile. I am using
Oracle's sample code (utlpwdmg.sql) as a starting point. Looking at the
code, I can see that it raises application errors (-20001, -20002 ...)
for things like a password which is the same as the user name, password
too short, etc. When I try to change a password, however, all I get is
the generic ORA-28003 error, even when I try a password which, I
believe, should pass. What am I missing here?
Environment: Oracle 8.1.7.4 with the cpuJan2006 patches, AIX 5.3.
Thanks,
Peter Schauss
--
//www.freelists.org/webpage/oracle-l
--
//www.freelists.org/webpage/oracle-l
Other related posts:
