提升Oracle用户密码安全性的策略

as sysdba before running the script CREATE OR REPLACE FUNCTION verify_function_11G_WJZYY (username varchar2,password varchar2,old_password varchar2) RETURN boolean IS n boolean; m integer; differ integer; isdigit boolean; ischar boolean; ispunct boolean; db_name varchar2(40); digitarray varchar2(20); punctarray varchar2(25); chararray varchar2(52); i_char varchar2(10); simple_password varchar2(10); reverse_user varchar2(32); BEGIN digitarray:= '0123456789'; chararray:= 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; -- Check if the password is same as the username or username(1-100) IF NLS_LOWER(password) = NLS_LOWER(username) THEN raise_application_error(-20002,'Password same as or similar to user'); END IF; FOR i IN 1..100 LOOP i_char := to_char(i); if NLS_LOWER(username)|| i_char = NLS_LOWER(password) THEN raise_application_error(-20005,'Password same as or similar to user name '); END IF; END LOOP; -- Everything is fine; return TRUE ; RETURN(TRUE); END; / GRANT EXECUTE ON verify_function_11G_WJZYY TO PUBLIC; -- This script alters the default parameters for Password Management -- This means that all the users on the system have Password Management -- enabled and set to the following values unless another profile is -- created with parameter values set to different value or UNLIMITED -- is created and assigned to the user. ALTER PROFILE DEFAULT LIMIT PASSWORD_LIFE_TIME 180 PASSWORD_VERIFY_FUNCTION verify_function_11G_WJZYY;

我们将这个脚本，遵守之前Oracle的命名方式，将其命名为utlpwdmg1.sql，放在同样的路径下。

这样，我们执行这个脚本就可以创建这个校验函数：

3.测试验证方案

将上面的删减版脚本进行测试并验证功能是否实现：