Ask The Oracle Expert: Questions & Answers

Disallowing obvious passwords

EXPERT RESPONSE FROM: Brian Peasland

QUESTION POSED ON: 02 March 2006
We are currently using Oracle's password function (utlpwdmg.sql, edited) verify_function as part of security in a 9i database. I would like to go further and disallow several hundred obvious passwords (e.g., password#1) that could still meet verification standards. The obvious way is to add these words to the -20002 section that checks if it is too simple. However, the function also says that a dictionary of words can be maintained, and to that end I have created a table. Can you assist and show me how I reference this from the verify_function instead of the usual (password) IN ('welcome', 'blah1', 'blah2')?

EXPERT RESPONSE
You'll need to do a little recoding of your password verification function. Store all of your words in a table in the database. I'm going to assume that these words are in the BAD_WORD column of the BAD_PASSWORDS table. In the declaration section of the password verification function, declare a NUMBER variable that we'll call BAD_COUNT. Now for the easy part: add code similar to the following to your password verification function:

-- Get the number of times the new password is found in the BAD_PASSWORDS table
SELECT COUNT(*) INTO bad_count FROM bad_passwords
WHERE bad_word = new_password;

-- If count = 0, then new password not in the table, else count at least 1.
IF bad_count > 0 THEN
   raise_application_error(-20002, 'Cannot use a simple word for the password');
END IF;

To add a new "bad" word, simply insert the word into the table. There will be no need to recode the password verification function.
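
The lookup described in the answer, placed in a complete function, as an added example that is not the expert's or Oracle's own code. The function name verify_function_dict, the lower-case constraint, the username check and the sample rows are assumptions; in practice the SELECT and IF would be merged into the existing edited verify_function.

```sql
-- Added example. Run as SYS: a profile's verify function must be owned by SYS.
-- BAD_PASSWORDS / BAD_WORD follow the answer; everything else is an assumption.
CREATE TABLE bad_passwords (
  bad_word VARCHAR2(30) PRIMARY KEY,           -- primary key index keeps the lookup cheap
  CONSTRAINT bad_word_lower CHECK (bad_word = LOWER(bad_word))
);

INSERT INTO bad_passwords (bad_word) VALUES ('password#1');  -- constructed sample
INSERT INTO bad_passwords (bad_word) VALUES ('welcome1');    -- constructed sample
COMMIT;

-- Parameter names follow the stock utlpwdmg.sql signature.
CREATE OR REPLACE FUNCTION verify_function_dict (
  username     VARCHAR2,
  password     VARCHAR2,
  old_password VARCHAR2
) RETURN BOOLEAN IS
  bad_count NUMBER;
BEGIN
  -- Reject a password equal to the account name, ignoring case.
  IF LOWER(password) = LOWER(username) THEN
    raise_application_error(-20001, 'Password same as user name');
  END IF;

  -- Dictionary lookup. The table stores lower case only, so fold the
  -- candidate first; qualifying the parameter with the function name
  -- guarantees it is never resolved as a column.
  SELECT COUNT(*) INTO bad_count
    FROM bad_passwords
   WHERE bad_word = LOWER(verify_function_dict.password);

  IF bad_count > 0 THEN
    raise_application_error(-20002, 'Cannot use a simple word for the password');
  END IF;

  RETURN TRUE;
END;
/

-- Attach the function to a profile so it runs on every password change.
ALTER PROFILE default LIMIT PASSWORD_VERIFY_FUNCTION verify_function_dict;

-- Direct check: this call is expected to fail with ORA-20002,
-- because 'PassWord#1' folds to a listed word.
BEGIN
  IF verify_function_dict('SCOTT', 'PassWord#1', NULL) THEN NULL; END IF;
END;
/
```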
All Rights Reserved, Copyright 2003 - 2008, TechTarget