How to update a VERIFY_PASSWORD_FUNCTION in oracle for users to retain his password for 1 day at least before change/alter it
up vote
0
down vote
favorite
It a one of requirement where the client needs there Oracle users do not change his password very soon, so they need to retain at least one day before altering it. So it can not be changed on the same day, where we have to update VERIFY_PASSWORD_FUNCTION code to set a limit minimum password age 1 day.
oracle passwords schema verify
add a comment |
up vote
0
down vote
favorite
It a one of requirement where the client needs there Oracle users do not change his password very soon, so they need to retain at least one day before altering it. So it can not be changed on the same day, where we have to update VERIFY_PASSWORD_FUNCTION code to set a limit minimum password age 1 day.
oracle passwords schema verify
1
This seems like a fake - or at least misguided - requirement. It's easy to think of reasons why a user might want or need to change their password soon after changing it. Why not let them?
– APC
Nov 11 at 9:57
No, I don't think its a fake, a client may have such a requirement in different cases.
– Rajesh Chaudhary
Nov 11 at 14:19
So if a user's password is changed to something insecure, you want to ensure they keep their insecure password for at least 24 hours?
– Jeffrey Kemp
Nov 12 at 5:19
It's always strong, In this function, we've already set strong password scenarios with the logic of multiple special and alphanumeric characters, and 1-day password retain is add-on requirement, so we've modified the code in such way.
– Rajesh Chaudhary
yesterday
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
It a one of requirement where the client needs there Oracle users do not change his password very soon, so they need to retain at least one day before altering it. So it can not be changed on the same day, where we have to update VERIFY_PASSWORD_FUNCTION code to set a limit minimum password age 1 day.
oracle passwords schema verify
It a one of requirement where the client needs there Oracle users do not change his password very soon, so they need to retain at least one day before altering it. So it can not be changed on the same day, where we have to update VERIFY_PASSWORD_FUNCTION code to set a limit minimum password age 1 day.
oracle passwords schema verify
oracle passwords schema verify
asked Nov 11 at 4:37
Rajesh Chaudhary
10411
10411
1
This seems like a fake - or at least misguided - requirement. It's easy to think of reasons why a user might want or need to change their password soon after changing it. Why not let them?
– APC
Nov 11 at 9:57
No, I don't think its a fake, a client may have such a requirement in different cases.
– Rajesh Chaudhary
Nov 11 at 14:19
So if a user's password is changed to something insecure, you want to ensure they keep their insecure password for at least 24 hours?
– Jeffrey Kemp
Nov 12 at 5:19
It's always strong, In this function, we've already set strong password scenarios with the logic of multiple special and alphanumeric characters, and 1-day password retain is add-on requirement, so we've modified the code in such way.
– Rajesh Chaudhary
yesterday
add a comment |
1
This seems like a fake - or at least misguided - requirement. It's easy to think of reasons why a user might want or need to change their password soon after changing it. Why not let them?
– APC
Nov 11 at 9:57
No, I don't think its a fake, a client may have such a requirement in different cases.
– Rajesh Chaudhary
Nov 11 at 14:19
So if a user's password is changed to something insecure, you want to ensure they keep their insecure password for at least 24 hours?
– Jeffrey Kemp
Nov 12 at 5:19
It's always strong, In this function, we've already set strong password scenarios with the logic of multiple special and alphanumeric characters, and 1-day password retain is add-on requirement, so we've modified the code in such way.
– Rajesh Chaudhary
yesterday
1
1
This seems like a fake - or at least misguided - requirement. It's easy to think of reasons why a user might want or need to change their password soon after changing it. Why not let them?
– APC
Nov 11 at 9:57
This seems like a fake - or at least misguided - requirement. It's easy to think of reasons why a user might want or need to change their password soon after changing it. Why not let them?
– APC
Nov 11 at 9:57
No, I don't think its a fake, a client may have such a requirement in different cases.
– Rajesh Chaudhary
Nov 11 at 14:19
No, I don't think its a fake, a client may have such a requirement in different cases.
– Rajesh Chaudhary
Nov 11 at 14:19
So if a user's password is changed to something insecure, you want to ensure they keep their insecure password for at least 24 hours?
– Jeffrey Kemp
Nov 12 at 5:19
So if a user's password is changed to something insecure, you want to ensure they keep their insecure password for at least 24 hours?
– Jeffrey Kemp
Nov 12 at 5:19
It's always strong, In this function, we've already set strong password scenarios with the logic of multiple special and alphanumeric characters, and 1-day password retain is add-on requirement, so we've modified the code in such way.
– Rajesh Chaudhary
yesterday
It's always strong, In this function, we've already set strong password scenarios with the logic of multiple special and alphanumeric characters, and 1-day password retain is add-on requirement, so we've modified the code in such way.
– Rajesh Chaudhary
yesterday
add a comment |
1 Answer
1
active
oldest
votes
up vote
-1
down vote
accepted
Append Below Code in "VERIFY_PASSWORD_FUNCTION" Function:
CREATE OR REPLACE FUNCTION "SYS"."VERIFY_PASSWORD_FUNCTION"
(username varchar2,
password varchar2,
old_password varchar2)
RETURN boolean IS
last_change sys.user$.ptime%type;
minimum_age number :=1;
userexist integer;
begin
-- Set minimum password age
select count(*) into userexist from sys.user$ where name=username;
if (userexist != 0) then
select ptime into last_change from sys.user$ where name=username;
if sysdate - last_change < minimum_age then
raise_application_error(-20010, 'Password changed too soon');
END IF;
end if;
end;
/
From the above code you have to append only variables and logic.
Here is A Test Case:
SQL> create user TEST11 identified by asdfhe#24HyrE profile USERS;
User Created.
SQL> alter user test11 identified by asdfhe#24HyrWW;
alter user test11 identified by asdfhe#24HyrWW
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20010: Password changed too soon
SQL>
SQL> select name,ptime from user$ where name='TEST11';
NAME PTIME
------------------------------ ---------
TEST11 08-NOV-18
SQL> update user$ set ptime='03-Nov-18' where name='TEST11';
1 row updated.
SQL> select name,ptime from user$ where name='TEST11';
NAME PTIME
------------------------------ ---------
TEST11 03-NOV-18
SQL> commit;
Commit complete.
SQL> alter user test11 identified by asdfhe#24HyrWW;
User altered.
SQL>
Since we can not change the password within same day so we've updated ptime value to verify and tried again to alter password for Test11 user.
1
It is very bad practice to update the SYS internal tables. Obviously this is just a clever trick to test your code but don't do it in Production (or any other environment you care about) because you run the risk of invalidating your Oracle Support contract.
– APC
Nov 11 at 9:53
Yes true, we don't have to update the sys table but, sometimes we've a little different requirement by the time we can make the changes.
– Rajesh Chaudhary
Nov 11 at 14:08
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
-1
down vote
accepted
Append Below Code in "VERIFY_PASSWORD_FUNCTION" Function:
CREATE OR REPLACE FUNCTION "SYS"."VERIFY_PASSWORD_FUNCTION"
(username varchar2,
password varchar2,
old_password varchar2)
RETURN boolean IS
last_change sys.user$.ptime%type;
minimum_age number :=1;
userexist integer;
begin
-- Set minimum password age
select count(*) into userexist from sys.user$ where name=username;
if (userexist != 0) then
select ptime into last_change from sys.user$ where name=username;
if sysdate - last_change < minimum_age then
raise_application_error(-20010, 'Password changed too soon');
END IF;
end if;
end;
/
From the above code you have to append only variables and logic.
Here is A Test Case:
SQL> create user TEST11 identified by asdfhe#24HyrE profile USERS;
User Created.
SQL> alter user test11 identified by asdfhe#24HyrWW;
alter user test11 identified by asdfhe#24HyrWW
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20010: Password changed too soon
SQL>
SQL> select name,ptime from user$ where name='TEST11';
NAME PTIME
------------------------------ ---------
TEST11 08-NOV-18
SQL> update user$ set ptime='03-Nov-18' where name='TEST11';
1 row updated.
SQL> select name,ptime from user$ where name='TEST11';
NAME PTIME
------------------------------ ---------
TEST11 03-NOV-18
SQL> commit;
Commit complete.
SQL> alter user test11 identified by asdfhe#24HyrWW;
User altered.
SQL>
Since we can not change the password within same day so we've updated ptime value to verify and tried again to alter password for Test11 user.
1
It is very bad practice to update the SYS internal tables. Obviously this is just a clever trick to test your code but don't do it in Production (or any other environment you care about) because you run the risk of invalidating your Oracle Support contract.
– APC
Nov 11 at 9:53
Yes true, we don't have to update the sys table but, sometimes we've a little different requirement by the time we can make the changes.
– Rajesh Chaudhary
Nov 11 at 14:08
add a comment |
up vote
-1
down vote
accepted
Append Below Code in "VERIFY_PASSWORD_FUNCTION" Function:
CREATE OR REPLACE FUNCTION "SYS"."VERIFY_PASSWORD_FUNCTION"
(username varchar2,
password varchar2,
old_password varchar2)
RETURN boolean IS
last_change sys.user$.ptime%type;
minimum_age number :=1;
userexist integer;
begin
-- Set minimum password age
select count(*) into userexist from sys.user$ where name=username;
if (userexist != 0) then
select ptime into last_change from sys.user$ where name=username;
if sysdate - last_change < minimum_age then
raise_application_error(-20010, 'Password changed too soon');
END IF;
end if;
end;
/
From the above code you have to append only variables and logic.
Here is A Test Case:
SQL> create user TEST11 identified by asdfhe#24HyrE profile USERS;
User Created.
SQL> alter user test11 identified by asdfhe#24HyrWW;
alter user test11 identified by asdfhe#24HyrWW
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20010: Password changed too soon
SQL>
SQL> select name,ptime from user$ where name='TEST11';
NAME PTIME
------------------------------ ---------
TEST11 08-NOV-18
SQL> update user$ set ptime='03-Nov-18' where name='TEST11';
1 row updated.
SQL> select name,ptime from user$ where name='TEST11';
NAME PTIME
------------------------------ ---------
TEST11 03-NOV-18
SQL> commit;
Commit complete.
SQL> alter user test11 identified by asdfhe#24HyrWW;
User altered.
SQL>
Since we can not change the password within same day so we've updated ptime value to verify and tried again to alter password for Test11 user.
1
It is very bad practice to update the SYS internal tables. Obviously this is just a clever trick to test your code but don't do it in Production (or any other environment you care about) because you run the risk of invalidating your Oracle Support contract.
– APC
Nov 11 at 9:53
Yes true, we don't have to update the sys table but, sometimes we've a little different requirement by the time we can make the changes.
– Rajesh Chaudhary
Nov 11 at 14:08
add a comment |
up vote
-1
down vote
accepted
up vote
-1
down vote
accepted
Append Below Code in "VERIFY_PASSWORD_FUNCTION" Function:
CREATE OR REPLACE FUNCTION "SYS"."VERIFY_PASSWORD_FUNCTION"
(username varchar2,
password varchar2,
old_password varchar2)
RETURN boolean IS
last_change sys.user$.ptime%type;
minimum_age number :=1;
userexist integer;
begin
-- Set minimum password age
select count(*) into userexist from sys.user$ where name=username;
if (userexist != 0) then
select ptime into last_change from sys.user$ where name=username;
if sysdate - last_change < minimum_age then
raise_application_error(-20010, 'Password changed too soon');
END IF;
end if;
end;
/
From the above code you have to append only variables and logic.
Here is A Test Case:
SQL> create user TEST11 identified by asdfhe#24HyrE profile USERS;
User Created.
SQL> alter user test11 identified by asdfhe#24HyrWW;
alter user test11 identified by asdfhe#24HyrWW
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20010: Password changed too soon
SQL>
SQL> select name,ptime from user$ where name='TEST11';
NAME PTIME
------------------------------ ---------
TEST11 08-NOV-18
SQL> update user$ set ptime='03-Nov-18' where name='TEST11';
1 row updated.
SQL> select name,ptime from user$ where name='TEST11';
NAME PTIME
------------------------------ ---------
TEST11 03-NOV-18
SQL> commit;
Commit complete.
SQL> alter user test11 identified by asdfhe#24HyrWW;
User altered.
SQL>
Since we can not change the password within same day so we've updated ptime value to verify and tried again to alter password for Test11 user.
Append Below Code in "VERIFY_PASSWORD_FUNCTION" Function:
CREATE OR REPLACE FUNCTION "SYS"."VERIFY_PASSWORD_FUNCTION"
(username varchar2,
password varchar2,
old_password varchar2)
RETURN boolean IS
last_change sys.user$.ptime%type;
minimum_age number :=1;
userexist integer;
begin
-- Set minimum password age
select count(*) into userexist from sys.user$ where name=username;
if (userexist != 0) then
select ptime into last_change from sys.user$ where name=username;
if sysdate - last_change < minimum_age then
raise_application_error(-20010, 'Password changed too soon');
END IF;
end if;
end;
/
From the above code you have to append only variables and logic.
Here is A Test Case:
SQL> create user TEST11 identified by asdfhe#24HyrE profile USERS;
User Created.
SQL> alter user test11 identified by asdfhe#24HyrWW;
alter user test11 identified by asdfhe#24HyrWW
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20010: Password changed too soon
SQL>
SQL> select name,ptime from user$ where name='TEST11';
NAME PTIME
------------------------------ ---------
TEST11 08-NOV-18
SQL> update user$ set ptime='03-Nov-18' where name='TEST11';
1 row updated.
SQL> select name,ptime from user$ where name='TEST11';
NAME PTIME
------------------------------ ---------
TEST11 03-NOV-18
SQL> commit;
Commit complete.
SQL> alter user test11 identified by asdfhe#24HyrWW;
User altered.
SQL>
Since we can not change the password within same day so we've updated ptime value to verify and tried again to alter password for Test11 user.
answered Nov 11 at 4:37
Rajesh Chaudhary
10411
10411
1
It is very bad practice to update the SYS internal tables. Obviously this is just a clever trick to test your code but don't do it in Production (or any other environment you care about) because you run the risk of invalidating your Oracle Support contract.
– APC
Nov 11 at 9:53
Yes true, we don't have to update the sys table but, sometimes we've a little different requirement by the time we can make the changes.
– Rajesh Chaudhary
Nov 11 at 14:08
add a comment |
1
It is very bad practice to update the SYS internal tables. Obviously this is just a clever trick to test your code but don't do it in Production (or any other environment you care about) because you run the risk of invalidating your Oracle Support contract.
– APC
Nov 11 at 9:53
Yes true, we don't have to update the sys table but, sometimes we've a little different requirement by the time we can make the changes.
– Rajesh Chaudhary
Nov 11 at 14:08
1
1
It is very bad practice to update the SYS internal tables. Obviously this is just a clever trick to test your code but don't do it in Production (or any other environment you care about) because you run the risk of invalidating your Oracle Support contract.
– APC
Nov 11 at 9:53
It is very bad practice to update the SYS internal tables. Obviously this is just a clever trick to test your code but don't do it in Production (or any other environment you care about) because you run the risk of invalidating your Oracle Support contract.
– APC
Nov 11 at 9:53
Yes true, we don't have to update the sys table but, sometimes we've a little different requirement by the time we can make the changes.
– Rajesh Chaudhary
Nov 11 at 14:08
Yes true, we don't have to update the sys table but, sometimes we've a little different requirement by the time we can make the changes.
– Rajesh Chaudhary
Nov 11 at 14:08
add a comment |
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53245884%2fhow-to-update-a-verify-password-function-in-oracle-for-users-to-retain-his-passw%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
This seems like a fake - or at least misguided - requirement. It's easy to think of reasons why a user might want or need to change their password soon after changing it. Why not let them?
– APC
Nov 11 at 9:57
No, I don't think its a fake, a client may have such a requirement in different cases.
– Rajesh Chaudhary
Nov 11 at 14:19
So if a user's password is changed to something insecure, you want to ensure they keep their insecure password for at least 24 hours?
– Jeffrey Kemp
Nov 12 at 5:19
It's always strong, In this function, we've already set strong password scenarios with the logic of multiple special and alphanumeric characters, and 1-day password retain is add-on requirement, so we've modified the code in such way.
– Rajesh Chaudhary
yesterday