| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: Oracle password dictionary
True enough. However, my job is to solve problems, not write apps. The =
checks made by cracklib would need to be coded into a big PL/SQL routine =
and then tested. I do not need to reinvent the wheel.
-----Original Message-----
From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org]On Behalf Of Andre van Winssen
Sent: Wednesday, June 15, 2005 10:32 AM
To: Reidy, Ron; thomas_arnezeder_at_non.agilent.com; oracle-l_at_freelists.org
Subject: RE: Oracle password dictionary
Extproc is full of exploits itself.=20
If you cannot enforce enough password strength checking in plsql
(password_verify_function) then why not use a stored procedure that =
calls
some java class that sticks to all your business rules for this purpose?
Regards,
Andre v Winssen
-----Oorspronkelijk bericht-----
Van: oracle-l-bounce_at_freelists.org =
[mailto:oracle-l-bounce_at_freelists.org]
Namens Reidy, Ron
Verzonden: woensdag 15 juni 2005 17:53
Aan: thomas_arnezeder_at_non.agilent.com; oracle-l_at_freelists.org
Onderwerp: RE: Oracle password dictionary
Yes. You can put a dictionary into the DB and then query against it.
We are using a extproc library callout to the cracklib library to =3D enforce password strength.
-----Original Message-----
From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org]On Behalf Of
thomas_arnezeder_at_non.agilent.com
Sent: Wednesday, June 15, 2005 9:48 AM
To: oracle-l_at_freelists.org
Subject: Oracle password dictionary
Got a question about password strength. It's possible to enforce the =3D
complexity of a password in the password_verify_function. But is there a =
=3D
way to check an oracle pw against a dictionary at the time the pw gets =
=3D
changed (and perhaps reject the new pw)? On UX you have the ckpw tool =
=3D
where you can check against a pw dictionary.
=3D20
Thanks,
Thomas
-- http://www.freelists.org/webpage/oracle-l This electronic message transmission is a PRIVATE communication which =Received on Wed Jun 15 2005 - 13:11:50 CDT
=3D
contains information which may be confidential or privileged. The information is =
=3D
intended=3D20 to be for the use of the individual or entity named above. If you are =
=3D
not the=3D20 intended recipient, please be aware that any disclosure, copying, =3D distribution=3D20 or use of the contents of this information is prohibited. Please notify =
=3D
the sender of the delivery error by replying to this message, or notify us =
=3D
by telephone (877-633-2436, ext. 0), and then delete it from your system. -- http://www.freelists.org/webpage/oracle-l -- http://www.freelists.org/webpage/oracle-l This electronic message transmission is a PRIVATE communication which = contains information which may be confidential or privileged. The information is = intended=20 to be for the use of the individual or entity named above. If you are = not the=20 intended recipient, please be aware that any disclosure, copying, = distribution=20 or use of the contents of this information is prohibited. Please notify = the sender of the delivery error by replying to this message, or notify us = by telephone (877-633-2436, ext. 0), and then delete it from your system. -- http://www.freelists.org/webpage/oracle-l
 |
 |