Alternative to Oracle's sample PASSWORD_VERIFY_FUNCTION

From: <>
Date: Tue, 8 Jan 2008 08:57:17 -0800 (PST)
Message-ID: <>

Hi All,

When performing database security assessments and recommending that clients utilises database profiles to enforce a password policy, we are often asked for a password verification function for use with the PASSWORD_VERIFY_FUNCTION parameter. Although Oracle does provide a sample function (VERIFY_FUNCTION), many of our customers do not have the in house expertise to make the necessary modifications to meet their password verification requirements.

So in response to our customers' requests, we have written an alternative to the supplied password verification function that performs most of the checks our clients need, while still being easily configurable using a set of constants near the beginning of the function.

We've made it freely available to the public. It is available for download from our downloads page:

If you have any feedback please feel free to email me at

We hope it proves useful.

Simon Fletcher

Database Security Consultant
Pentest Limited Received on Tue Jan 08 2008 - 10:57:17 CST

Original text of this message