Enforcing password complexity

If you haven't already looked at it, please see utlpwdmg.sql in your $ORACLE_HOME/rdbms/admin directory for the sample password verification function provided by Oracle. You should be able to modify that to your needs.

Once you have your function ready, alter the profile to which you wish to assign that password verification function.

For example:

-- This script alters the default parameters for Password Management. 
-- This means that all the users on the system have Password Management 
-- enabled and set to the following values unless another profile is 
-- created with parameter values set to different value or UNLIMITED 
-- is created and assigned to the user.  

ALTER PROFILE DEFAULT 
LIMIT PASSWORD_LIFE_TIME 60 
PASSWORD_GRACE_TIME 10 
PASSWORD_REUSE_TIME 1800 
PASSWORD_REUSE_MAX UNLIMITED 
FAILED_LOGIN_ATTEMPTS 3 
PASSWORD_LOCK_TIME 1/1440 
PASSWORD_VERIFY_FUNCTION verify_function; 

• Oracle8i Administrator's Guide - Chapter 22 Establishing Security Policies
• Oracle8i SQL Reference - ALTER PROFILE, CREATE PROFILE Statements

For More Information

• Dozens more answers to tough Oracle questions from Karen Morton are available.
• The Best Oracle Web Links: tips, tutorials, scripts, and more.
• Have an Oracle or SQL tip to offer your fellow DBAs and developers? The best tips submitted will receive a cool prize. Submit your tip today!
• Ask your technical Oracle and SQL questions -- or help out your peers by answering them -- in our live discussion forums.
• Ask the Experts yourself: Our SQL, database design, Oracle, SQL Server, DB2, metadata, object-oriented and data warehousing gurus are waiting to answer your toughest questions.