Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Oracle password dictionary

RE: Oracle password dictionary

From: Andre van Winssen <awinssen_at_xs4all.nl>
Date: Wed, 15 Jun 2005 18:32:01 +0200
Message-ID: <000101c571c7$c2600370$0b01a8c0@KAST01> 







Extproc is full of exploits itself. 



If you cannot enforce enough password strength checking in plsql
(password_verify_function) then why not use a stored procedure that calls
some java class that sticks to all your business rules for this purpose?



Regards,


Andre v Winssen





-----Oorspronkelijk bericht-----



Van: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org]
Namens Reidy, Ron


Verzonden: woensdag 15 juni 2005 17:53


Aan: thomas_arnezeder_at_non.agilent.com; oracle-l_at_freelists.org
Onderwerp: RE: Oracle password dictionary



Yes.  You can put a dictionary into the DB and then query against it.



We are using a extproc library callout to the cracklib library to =
enforce password strength.





Ron Reidy


Lead DBA


Array BioPharma, Inc.




-----Original Message-----



From: oracle-l-bounce_at_freelists.org


[mailto:oracle-l-bounce_at_freelists.org]On Behalf Of
thomas_arnezeder_at_non.agilent.com


Sent: Wednesday, June 15, 2005 9:48 AM


To: oracle-l_at_freelists.org


Subject: Oracle password dictionary




Got a question about password strength. It's possible to enforce the =
complexity of a password in the password_verify_function. But is there a =
way to check an oracle pw against a dictionary at the time the pw gets =
changed (and perhaps reject the new pw)? On UX you have the ckpw tool =
where you can check against a pw dictionary.
=20


Thanks,


Thomas


--



http://www.freelists.org/webpage/oracle-l



This electronic message transmission is a PRIVATE communication which =
contains


information which may be confidential or privileged. The information is =
intended=20


to be for the use of the individual or entity named above. If you are =
not the=20


intended recipient, please be aware that any disclosure, copying, =
distribution=20


or use of the contents of this information is prohibited. Please notify =
the


sender  of the delivery error by replying to this message, or notify us =
by


telephone (877-633-2436, ext. 0), and then delete it from your system.



--



http://www.freelists.org/webpage/oracle-l



--



http://www.freelists.org/webpage/oracle-l
Received on Wed Jun 15 2005 - 12:37:07 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US