1、連接上Linux數據庫服務器，切換到Oracle數據庫用戶桌面，打開終端，進入到環境變量$ORACLE_HOME目錄

Last login: Fri Dec 11 13:26:18 2015 from 192.168.1.100

[root@Linux主機名 ~]# su - oracle

[oracle@Linux主機名 dbhome_1]$ cd $ORACLE_HOME/rdbms/admin

[oracle@Linux主機名 admin]$

2、查看Oracle11g數據庫提供的默認密碼復雜度函數腳本(Oracle安裝目錄下的/rdbms/admin/utlpwdmg.sql文件)

[oracle@Linux主機名 admin]$ cat $ORACLE_HOME/rdbms/admin/utlpwdmg.sql

腳本詳細內容詳見文章末尾

3、登錄Oracle數據庫并執行Oracle11g數據庫提供的默認密碼復雜度函數腳本

[oracle@Linux主機名 admin]$ sqlplus /nolog

SQL*Plus: Release 11.2.0.1.0 Production on Fri Dec 11 13:33:58 2015

Copyright (c) 1982, 2009, Oracle.? All rights reserved.

SQL> conn /as sysdba

Connected.

SQL> @?/rdbms/admin/utlpwdmg.sql

Function created.

Profile altered.

Function created.

SQL>

4、在PL/SQL中創建用戶的資源文件，執行下面語句

CREATE PROFILE 資源文件名 LIMIT

SESSIONS_PER_USER UNLIMITED

CPU_PER_SESSION UNLIMITED

CPU_PER_CALL UNLIMITED

CONNECT_TIME UNLIMITED

IDLE_TIME 600? --10小時連續不活動的話系統自動斷開連接

LOGICAL_READS_PER_SESSION UNLIMITED

LOGICAL_READS_PER_CALL UNLIMITED

COMPOSITE_LIMIT UNLIMITED

PRIVATE_SGA UNLIMITED

FAILED_LOGIN_ATTEMPTS 10? --指定鎖定用戶的登錄失敗次數為10次，超過10次則系統被自動鎖定

PASSWORD_LIFE_TIME 180? --指定用戶同一密碼鎖允許使用的天數為180天

PASSWORD_REUSE_TIME UNLIMITED

PASSWORD_REUSE_MAX UNLIMITED

PASSWORD_LOCK_TIME 1? --指定用戶被鎖定天數為1天

PASSWORD_GRACE_TIME 10 --數據庫發出警告到登錄失效前的寬限天數

PASSWORD_VERIFY_FUNCTION verify_function_11G

5、測試更新用戶密碼

--創建用戶并使用自定義的配置文件

create user 用戶名 identified by 密碼 default tablespace 默認表空間名 temporary tablespace 臨時表空間名 profile 資源文件名;

--用戶授權

grant connect,resource,exp_full_database,imp_full_database to 用戶名;

--更新用戶密碼為簡單的字符串

alter user 用戶名 identified by 123456;

--更新用戶密碼為復雜的字符串

alter user 用戶名 identified by Csdn_20151211;

6、結論：發現簡單密碼無法更新，復雜的密碼更新成功。

附：$ORACLE_HOME/rdbms/admin/utlpwdmg.sql腳本源文件內容

Rem

Rem $Header: utlpwdmg.sql 02-aug-2006.08:18:05 asurpur Exp $

Rem

Rem utlpwdmg.sql

Rem

Rem Copyright (c) 2006, Oracle. All rights reserved.

Rem

Rem??? NAME

Rem????? utlpwdmg.sql - script for Default Password Resource Limits

Rem

Rem??? DESCRIPTION

Rem????? This is a script for enabling the password management features

Rem????? by setting the default password resource limits.

Rem

Rem??? NOTES

Rem????? This file contains a function for minimum checking of password

Rem????? complexity. This is more of a sample function that the customer

Rem????? can use to develop the function for actual complexity checks that the

Rem????? customer wants to make on the new password.

Rem

Rem??? MODIFIED?? (MM/DD/YY)

Rem??? asurpur???? 05/30/06 - fix - 5246666 beef up password complexity check

Rem??? nireland??? 08/31/00 - Improve check for username=password. #1390553

Rem??? nireland??? 06/28/00 - Fix null old password test. #1341892

Rem??? asurpur???? 04/17/97 - Fix for bug479763

Rem??? asurpur???? 12/12/96 - Changing the name of password_verify_function

Rem??? asurpur???? 05/30/96 - New script for default password management

Rem??? asurpur???? 05/30/96 - Created

Rem

-- This script sets the default password resource parameters

-- This script needs to be run to enable the password features.

-- However the default resource parameters can be changed based

-- on the need.

-- A default password complexity function is also provided.

-- This function makes the minimum complexity checks like

-- the minimum length of the password, password not same as the

-- username, etc. The user may enhance this function according to

-- the need.

-- This function must be created in SYS schema.

-- connect sys/ as sysdba before running the script

CREATE OR REPLACE FUNCTION verify_function_11G

(username varchar2,

password varchar2,

old_password varchar2)

RETURN boolean IS

n boolean;

m integer;

differ integer;

isdigit boolean;

ischar? boolean;

ispunct boolean;

db_name varchar2(40);

digitarray varchar2(20);

punctarray varchar2(25);

chararray varchar2(52);

i_char varchar2(10);

simple_password varchar2(10);

reverse_user varchar2(32);

BEGIN

digitarray:= '0123456789';

chararray:= 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';

-- Check for the minimum length of the password

IF length(password) < 8 THEN

raise_application_error(-20001, 'Password length less than 8');

END IF;

-- Check if the password is same as the username or username(1-100)

IF NLS_LOWER(password) = NLS_LOWER(username) THEN

raise_application_error(-20002, 'Password same as or similar to user');

END IF;

FOR i IN 1..100 LOOP

i_char := to_char(i);

if NLS_LOWER(username)|| i_char = NLS_LOWER(password) THEN

raise_application_error(-20005, 'Password same as or similar to user name ');

END IF;

END LOOP;

-- Check if the password is same as the username reversed

FOR i in REVERSE 1..length(username) LOOP

reverse_user := reverse_user || substr(username, i, 1);

END LOOP;

IF NLS_LOWER(password) = NLS_LOWER(reverse_user) THEN

raise_application_error(-20003, 'Password same as username reversed');

END IF;

-- Check if the password is the same as server name and or servername(1-100)

select name into db_name from sys.v$database;

if NLS_LOWER(db_name) = NLS_LOWER(password) THEN

raise_application_error(-20004, 'Password same as or similar to server name');

END IF;

FOR i IN 1..100 LOOP

i_char := to_char(i);

if NLS_LOWER(db_name)|| i_char = NLS_LOWER(password) THEN

raise_application_error(-20005, 'Password same as or similar to server name ');

END IF;

END LOOP;

-- Check if the password is too simple. A dictionary of words may be

-- maintained and a check may be made so as not to allow the words

-- that are too simple for the password.

IF NLS_LOWER(password) IN ('welcome1', 'database1', 'account1', 'user1234', 'password1', 'oracle123', 'computer1', 'abcdefg1', 'change_on_install') THEN

raise_application_error(-20006, 'Password too simple');

END IF;

-- Check if the password is the same as oracle (1-100)

simple_password := 'oracle';

FOR i IN 1..100 LOOP

i_char := to_char(i);

if simple_password || i_char = NLS_LOWER(password) THEN

raise_application_error(-20007, 'Password too simple ');

END IF;

END LOOP;

-- Check if the password contains at least one letter, one digit

-- 1. Check for the digit

isdigit:=FALSE;

m := length(password);

FOR i IN 1..10 LOOP

FOR j IN 1..m LOOP

IF substr(password,j,1) = substr(digitarray,i,1) THEN

isdigit:=TRUE;

GOTO findchar;

END IF;

END LOOP;

END LOOP;

IF isdigit = FALSE THEN

raise_application_error(-20008, 'Password must contain at least one digit, one character');

END IF;

-- 2. Check for the character

<>

ischar:=FALSE;

FOR i IN 1..length(chararray) LOOP

FOR j IN 1..m LOOP

IF substr(password,j,1) = substr(chararray,i,1) THEN

ischar:=TRUE;

GOTO endsearch;

END IF;

END LOOP;

END LOOP;

IF ischar = FALSE THEN

raise_application_error(-20009, 'Password must contain at least one \

digit, and one character');

END IF;

<>

-- Check if the password differs from the previous password by at least

-- 3 letters

IF old_password IS NOT NULL THEN

differ := length(old_password) - length(password);

differ := abs(differ);

IF differ < 3 THEN

IF length(password) < length(old_password) THEN

m := length(password);

ELSE

m := length(old_password);

END IF;

FOR i IN 1..m LOOP

IF substr(password,i,1) != substr(old_password,i,1) THEN

differ := differ + 1;

END IF;

END LOOP;

IF differ < 3 THEN

raise_application_error(-20011, 'Password should differ from the \

old password by at least 3 characters');

END IF;

END IF;

END IF;

-- Everything is fine; return TRUE ;

RETURN(TRUE);

END;

/

-- This script alters the default parameters for Password Management

-- This means that all the users on the system have Password Management

-- enabled and set to the following values unless another profile is

-- created with parameter values set to different value or UNLIMITED

-- is created and assigned to the user.

ALTER PROFILE DEFAULT LIMIT

PASSWORD_LIFE_TIME 180

PASSWORD_GRACE_TIME 7

PASSWORD_REUSE_TIME UNLIMITED

PASSWORD_REUSE_MAX UNLIMITED

FAILED_LOGIN_ATTEMPTS 10

PASSWORD_LOCK_TIME 1

PASSWORD_VERIFY_FUNCTION verify_function_11G;

-- Below is the older version of the script

-- This script sets the default password resource parameters

-- This script needs to be run to enable the password features.

-- However the default resource parameters can be changed based

-- on the need.

-- A default password complexity function is also provided.

-- This function makes the minimum complexity checks like

-- the minimum length of the password, password not same as the

-- username, etc. The user may enhance this function according to

-- the need.

-- This function must be created in SYS schema.

-- connect sys/ as sysdba before running the script

CREATE OR REPLACE FUNCTION verify_function

(username varchar2,

password varchar2,

old_password varchar2)

RETURN boolean IS

n boolean;

m integer;

differ integer;

isdigit boolean;

ischar? boolean;

ispunct boolean;

digitarray varchar2(20);

punctarray varchar2(25);

chararray varchar2(52);

BEGIN

digitarray:= '0123456789';

chararray:= 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';

punctarray:='!"#$%&()``*+,-/:;<=>?_';

-- Check if the password is same as the username

IF NLS_LOWER(password) = NLS_LOWER(username) THEN

raise_application_error(-20001, 'Password same as or similar to user');

END IF;

-- Check for the minimum length of the password

IF length(password) < 4 THEN

raise_application_error(-20002, 'Password length less than 4');

END IF;

-- Check if the password is too simple. A dictionary of words may be

-- maintained and a check may be made so as not to allow the words

-- that are too simple for the password.

IF NLS_LOWER(password) IN ('welcome', 'database', 'account', 'user', 'password', 'oracle', 'computer', 'abcd') THEN

raise_application_error(-20002, 'Password too simple');

END IF;

-- Check if the password contains at least one letter, one digit and one

-- punctuation mark.

-- 1. Check for the digit

isdigit:=FALSE;

m := length(password);

FOR i IN 1..10 LOOP

FOR j IN 1..m LOOP

IF substr(password,j,1) = substr(digitarray,i,1) THEN

isdigit:=TRUE;

GOTO findchar;

END IF;

END LOOP;

END LOOP;

IF isdigit = FALSE THEN

raise_application_error(-20003, 'Password should contain at least one digit, one character and one punctuation');

END IF;

-- 2. Check for the character

<>

ischar:=FALSE;

FOR i IN 1..length(chararray) LOOP

FOR j IN 1..m LOOP

IF substr(password,j,1) = substr(chararray,i,1) THEN

ischar:=TRUE;

GOTO findpunct;

END IF;

END LOOP;

END LOOP;

IF ischar = FALSE THEN

raise_application_error(-20003, 'Password should contain at least one \

digit, one character and one punctuation');

END IF;

-- 3. Check for the punctuation

<>

ispunct:=FALSE;

FOR i IN 1..length(punctarray) LOOP

FOR j IN 1..m LOOP

IF substr(password,j,1) = substr(punctarray,i,1) THEN

ispunct:=TRUE;

GOTO endsearch;

END IF;

END LOOP;

END LOOP;

IF ispunct = FALSE THEN

raise_application_error(-20003, 'Password should contain at least one \

digit, one character and one punctuation');

END IF;

<>

-- Check if the password differs from the previous password by at least

-- 3 letters

IF old_password IS NOT NULL THEN

differ := length(old_password) - length(password);

IF abs(differ) < 3 THEN

IF length(password) < length(old_password) THEN

m := length(password);

ELSE

m := length(old_password);

END IF;

differ := abs(differ);

FOR i IN 1..m LOOP

IF substr(password,i,1) != substr(old_password,i,1) THEN

differ := differ + 1;

END IF;

END LOOP;

IF differ < 3 THEN

raise_application_error(-20004, 'Password should differ by at \

least 3 characters');

END IF;

END IF;

END IF;

-- Everything is fine; return TRUE ;

RETURN(TRUE);

END;

/

-- This script alters the default parameters for Password Management

-- This means that all the users on the system have Password Management

-- enabled and set to the following values unless another profile is

-- created with parameter values set to different value or UNLIMITED

-- is created and assigned to the user.

-- Enable this if you want older version of the Password Profile parameters

-- ALTER PROFILE DEFAULT LIMIT

-- PASSWORD_LIFE_TIME 60

-- PASSWORD_GRACE_TIME 10

-- PASSWORD_REUSE_TIME 1800

-- PASSWORD_REUSE_MAX UNLIMITED

-- FAILED_LOGIN_ATTEMPTS 3

-- PASSWORD_LOCK_TIME 1/1440

-- PASSWORD_VERIFY_FUNCTION verify_function;

————————————————

版權聲明：本文為CSDN博主「疾風鑄境」的原創文章，遵循CC 4.0 BY-SA版權協議，轉載請附上原文出處鏈接及本聲明。

原文鏈接：https://blog.csdn.net/xqf222/article/details/50263181

分享到：

總結

以上是生活随笔為你收集整理的oracle数据库密码复杂度查询,Oracle11g R2创建PASSWORD_VERIFY_FUNCTION对应密码复杂度验证函数步骤...的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。