RE: Oracle password dictionary

  • From: "Andre van Winssen" <awinssen@xxxxxxxxx>
  • To: <Ron.Reidy@xxxxxxxxxxxxxxxxxx>, <thomas_arnezeder@xxxxxxxxxxxxxxx>, <oracle-l@xxxxxxxxxxxxx>
  • Date: Wed, 15 Jun 2005 18:32:01 +0200

Extproc is full of exploits itself. 

If you cannot enforce enough password strength checking in plsql
(password_verify_function) then why not use a stored procedure that calls
some java class that sticks to all your business rules for this purpose?

Andre v Winssen

-----Oorspronkelijk bericht-----
Van: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx]
Namens Reidy, Ron
Verzonden: woensdag 15 juni 2005 17:53
Aan: thomas_arnezeder@xxxxxxxxxxxxxxx; oracle-l@xxxxxxxxxxxxx
Onderwerp: RE: Oracle password dictionary

Yes.  You can put a dictionary into the DB and then query against it.

We are using a extproc library callout to the cracklib library to =
enforce password strength.

Ron Reidy
Lead DBA
Array BioPharma, Inc.

-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx]On Behalf Of
Sent: Wednesday, June 15, 2005 9:48 AM
To: oracle-l@xxxxxxxxxxxxx
Subject: Oracle password dictionary

Got a question about password strength. It's possible to enforce the =
complexity of a password in the password_verify_function. But is there a =
way to check an oracle pw against a dictionary at the time the pw gets =
changed (and perhaps reject the new pw)? On UX you have the ckpw tool =
where you can check against a pw dictionary.

This electronic message transmission is a PRIVATE communication which =
information which may be confidential or privileged. The information is =
to be for the use of the individual or entity named above. If you are =
not the=20
intended recipient, please be aware that any disclosure, copying, =
or use of the contents of this information is prohibited. Please notify =
sender  of the delivery error by replying to this message, or notify us =
telephone (877-633-2436, ext. 0), and then delete it from your system.



Other related posts: