How to update a VERIFY_PASSWORD_FUNCTION in oracle for users to retain his password for 1 day at least before change/alter it









up vote
0
down vote

favorite












It a one of requirement where the client needs there Oracle users do not change his password very soon, so they need to retain at least one day before altering it. So it can not be changed on the same day, where we have to update VERIFY_PASSWORD_FUNCTION code to set a limit minimum password age 1 day.










share|improve this question

















  • 1




    This seems like a fake - or at least misguided - requirement. It's easy to think of reasons why a user might want or need to change their password soon after changing it. Why not let them?
    – APC
    Nov 11 at 9:57










  • No, I don't think its a fake, a client may have such a requirement in different cases.
    – Rajesh Chaudhary
    Nov 11 at 14:19










  • So if a user's password is changed to something insecure, you want to ensure they keep their insecure password for at least 24 hours?
    – Jeffrey Kemp
    Nov 12 at 5:19










  • It's always strong, In this function, we've already set strong password scenarios with the logic of multiple special and alphanumeric characters, and 1-day password retain is add-on requirement, so we've modified the code in such way.
    – Rajesh Chaudhary
    yesterday















up vote
0
down vote

favorite












It a one of requirement where the client needs there Oracle users do not change his password very soon, so they need to retain at least one day before altering it. So it can not be changed on the same day, where we have to update VERIFY_PASSWORD_FUNCTION code to set a limit minimum password age 1 day.










share|improve this question

















  • 1




    This seems like a fake - or at least misguided - requirement. It's easy to think of reasons why a user might want or need to change their password soon after changing it. Why not let them?
    – APC
    Nov 11 at 9:57










  • No, I don't think its a fake, a client may have such a requirement in different cases.
    – Rajesh Chaudhary
    Nov 11 at 14:19










  • So if a user's password is changed to something insecure, you want to ensure they keep their insecure password for at least 24 hours?
    – Jeffrey Kemp
    Nov 12 at 5:19










  • It's always strong, In this function, we've already set strong password scenarios with the logic of multiple special and alphanumeric characters, and 1-day password retain is add-on requirement, so we've modified the code in such way.
    – Rajesh Chaudhary
    yesterday













up vote
0
down vote

favorite









up vote
0
down vote

favorite











It a one of requirement where the client needs there Oracle users do not change his password very soon, so they need to retain at least one day before altering it. So it can not be changed on the same day, where we have to update VERIFY_PASSWORD_FUNCTION code to set a limit minimum password age 1 day.










share|improve this question













It a one of requirement where the client needs there Oracle users do not change his password very soon, so they need to retain at least one day before altering it. So it can not be changed on the same day, where we have to update VERIFY_PASSWORD_FUNCTION code to set a limit minimum password age 1 day.







oracle passwords schema verify






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 11 at 4:37









Rajesh Chaudhary

10411




10411







  • 1




    This seems like a fake - or at least misguided - requirement. It's easy to think of reasons why a user might want or need to change their password soon after changing it. Why not let them?
    – APC
    Nov 11 at 9:57










  • No, I don't think its a fake, a client may have such a requirement in different cases.
    – Rajesh Chaudhary
    Nov 11 at 14:19










  • So if a user's password is changed to something insecure, you want to ensure they keep their insecure password for at least 24 hours?
    – Jeffrey Kemp
    Nov 12 at 5:19










  • It's always strong, In this function, we've already set strong password scenarios with the logic of multiple special and alphanumeric characters, and 1-day password retain is add-on requirement, so we've modified the code in such way.
    – Rajesh Chaudhary
    yesterday













  • 1




    This seems like a fake - or at least misguided - requirement. It's easy to think of reasons why a user might want or need to change their password soon after changing it. Why not let them?
    – APC
    Nov 11 at 9:57










  • No, I don't think its a fake, a client may have such a requirement in different cases.
    – Rajesh Chaudhary
    Nov 11 at 14:19










  • So if a user's password is changed to something insecure, you want to ensure they keep their insecure password for at least 24 hours?
    – Jeffrey Kemp
    Nov 12 at 5:19










  • It's always strong, In this function, we've already set strong password scenarios with the logic of multiple special and alphanumeric characters, and 1-day password retain is add-on requirement, so we've modified the code in such way.
    – Rajesh Chaudhary
    yesterday








1




1




This seems like a fake - or at least misguided - requirement. It's easy to think of reasons why a user might want or need to change their password soon after changing it. Why not let them?
– APC
Nov 11 at 9:57




This seems like a fake - or at least misguided - requirement. It's easy to think of reasons why a user might want or need to change their password soon after changing it. Why not let them?
– APC
Nov 11 at 9:57












No, I don't think its a fake, a client may have such a requirement in different cases.
– Rajesh Chaudhary
Nov 11 at 14:19




No, I don't think its a fake, a client may have such a requirement in different cases.
– Rajesh Chaudhary
Nov 11 at 14:19












So if a user's password is changed to something insecure, you want to ensure they keep their insecure password for at least 24 hours?
– Jeffrey Kemp
Nov 12 at 5:19




So if a user's password is changed to something insecure, you want to ensure they keep their insecure password for at least 24 hours?
– Jeffrey Kemp
Nov 12 at 5:19












It's always strong, In this function, we've already set strong password scenarios with the logic of multiple special and alphanumeric characters, and 1-day password retain is add-on requirement, so we've modified the code in such way.
– Rajesh Chaudhary
yesterday





It's always strong, In this function, we've already set strong password scenarios with the logic of multiple special and alphanumeric characters, and 1-day password retain is add-on requirement, so we've modified the code in such way.
– Rajesh Chaudhary
yesterday













1 Answer
1






active

oldest

votes

















up vote
-1
down vote



accepted










Append Below Code in "VERIFY_PASSWORD_FUNCTION" Function:



CREATE OR REPLACE FUNCTION "SYS"."VERIFY_PASSWORD_FUNCTION" 
(username varchar2,
password varchar2,
old_password varchar2)
RETURN boolean IS
last_change sys.user$.ptime%type;
minimum_age number :=1;
userexist integer;
begin
-- Set minimum password age
select count(*) into userexist from sys.user$ where name=username;
if (userexist != 0) then
select ptime into last_change from sys.user$ where name=username;
if sysdate - last_change < minimum_age then
raise_application_error(-20010, 'Password changed too soon');
END IF;
end if;
end;
/


From the above code you have to append only variables and logic.



Here is A Test Case:



SQL> create user TEST11 identified by asdfhe#24HyrE profile USERS;

User Created.

SQL> alter user test11 identified by asdfhe#24HyrWW;
alter user test11 identified by asdfhe#24HyrWW
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20010: Password changed too soon

SQL>

SQL> select name,ptime from user$ where name='TEST11';

NAME PTIME
------------------------------ ---------
TEST11 08-NOV-18

SQL> update user$ set ptime='03-Nov-18' where name='TEST11';

1 row updated.

SQL> select name,ptime from user$ where name='TEST11';

NAME PTIME
------------------------------ ---------
TEST11 03-NOV-18

SQL> commit;

Commit complete.

SQL> alter user test11 identified by asdfhe#24HyrWW;

User altered.

SQL>


Since we can not change the password within same day so we've updated ptime value to verify and tried again to alter password for Test11 user.






share|improve this answer
















  • 1




    It is very bad practice to update the SYS internal tables. Obviously this is just a clever trick to test your code but don't do it in Production (or any other environment you care about) because you run the risk of invalidating your Oracle Support contract.
    – APC
    Nov 11 at 9:53











  • Yes true, we don't have to update the sys table but, sometimes we've a little different requirement by the time we can make the changes.
    – Rajesh Chaudhary
    Nov 11 at 14:08










Your Answer






StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53245884%2fhow-to-update-a-verify-password-function-in-oracle-for-users-to-retain-his-passw%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
-1
down vote



accepted










Append Below Code in "VERIFY_PASSWORD_FUNCTION" Function:



CREATE OR REPLACE FUNCTION "SYS"."VERIFY_PASSWORD_FUNCTION" 
(username varchar2,
password varchar2,
old_password varchar2)
RETURN boolean IS
last_change sys.user$.ptime%type;
minimum_age number :=1;
userexist integer;
begin
-- Set minimum password age
select count(*) into userexist from sys.user$ where name=username;
if (userexist != 0) then
select ptime into last_change from sys.user$ where name=username;
if sysdate - last_change < minimum_age then
raise_application_error(-20010, 'Password changed too soon');
END IF;
end if;
end;
/


From the above code you have to append only variables and logic.



Here is A Test Case:



SQL> create user TEST11 identified by asdfhe#24HyrE profile USERS;

User Created.

SQL> alter user test11 identified by asdfhe#24HyrWW;
alter user test11 identified by asdfhe#24HyrWW
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20010: Password changed too soon

SQL>

SQL> select name,ptime from user$ where name='TEST11';

NAME PTIME
------------------------------ ---------
TEST11 08-NOV-18

SQL> update user$ set ptime='03-Nov-18' where name='TEST11';

1 row updated.

SQL> select name,ptime from user$ where name='TEST11';

NAME PTIME
------------------------------ ---------
TEST11 03-NOV-18

SQL> commit;

Commit complete.

SQL> alter user test11 identified by asdfhe#24HyrWW;

User altered.

SQL>


Since we can not change the password within same day so we've updated ptime value to verify and tried again to alter password for Test11 user.






share|improve this answer
















  • 1




    It is very bad practice to update the SYS internal tables. Obviously this is just a clever trick to test your code but don't do it in Production (or any other environment you care about) because you run the risk of invalidating your Oracle Support contract.
    – APC
    Nov 11 at 9:53











  • Yes true, we don't have to update the sys table but, sometimes we've a little different requirement by the time we can make the changes.
    – Rajesh Chaudhary
    Nov 11 at 14:08














up vote
-1
down vote



accepted










Append Below Code in "VERIFY_PASSWORD_FUNCTION" Function:



CREATE OR REPLACE FUNCTION "SYS"."VERIFY_PASSWORD_FUNCTION" 
(username varchar2,
password varchar2,
old_password varchar2)
RETURN boolean IS
last_change sys.user$.ptime%type;
minimum_age number :=1;
userexist integer;
begin
-- Set minimum password age
select count(*) into userexist from sys.user$ where name=username;
if (userexist != 0) then
select ptime into last_change from sys.user$ where name=username;
if sysdate - last_change < minimum_age then
raise_application_error(-20010, 'Password changed too soon');
END IF;
end if;
end;
/


From the above code you have to append only variables and logic.



Here is A Test Case:



SQL> create user TEST11 identified by asdfhe#24HyrE profile USERS;

User Created.

SQL> alter user test11 identified by asdfhe#24HyrWW;
alter user test11 identified by asdfhe#24HyrWW
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20010: Password changed too soon

SQL>

SQL> select name,ptime from user$ where name='TEST11';

NAME PTIME
------------------------------ ---------
TEST11 08-NOV-18

SQL> update user$ set ptime='03-Nov-18' where name='TEST11';

1 row updated.

SQL> select name,ptime from user$ where name='TEST11';

NAME PTIME
------------------------------ ---------
TEST11 03-NOV-18

SQL> commit;

Commit complete.

SQL> alter user test11 identified by asdfhe#24HyrWW;

User altered.

SQL>


Since we can not change the password within same day so we've updated ptime value to verify and tried again to alter password for Test11 user.






share|improve this answer
















  • 1




    It is very bad practice to update the SYS internal tables. Obviously this is just a clever trick to test your code but don't do it in Production (or any other environment you care about) because you run the risk of invalidating your Oracle Support contract.
    – APC
    Nov 11 at 9:53











  • Yes true, we don't have to update the sys table but, sometimes we've a little different requirement by the time we can make the changes.
    – Rajesh Chaudhary
    Nov 11 at 14:08












up vote
-1
down vote



accepted







up vote
-1
down vote



accepted






Append Below Code in "VERIFY_PASSWORD_FUNCTION" Function:



CREATE OR REPLACE FUNCTION "SYS"."VERIFY_PASSWORD_FUNCTION" 
(username varchar2,
password varchar2,
old_password varchar2)
RETURN boolean IS
last_change sys.user$.ptime%type;
minimum_age number :=1;
userexist integer;
begin
-- Set minimum password age
select count(*) into userexist from sys.user$ where name=username;
if (userexist != 0) then
select ptime into last_change from sys.user$ where name=username;
if sysdate - last_change < minimum_age then
raise_application_error(-20010, 'Password changed too soon');
END IF;
end if;
end;
/


From the above code you have to append only variables and logic.



Here is A Test Case:



SQL> create user TEST11 identified by asdfhe#24HyrE profile USERS;

User Created.

SQL> alter user test11 identified by asdfhe#24HyrWW;
alter user test11 identified by asdfhe#24HyrWW
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20010: Password changed too soon

SQL>

SQL> select name,ptime from user$ where name='TEST11';

NAME PTIME
------------------------------ ---------
TEST11 08-NOV-18

SQL> update user$ set ptime='03-Nov-18' where name='TEST11';

1 row updated.

SQL> select name,ptime from user$ where name='TEST11';

NAME PTIME
------------------------------ ---------
TEST11 03-NOV-18

SQL> commit;

Commit complete.

SQL> alter user test11 identified by asdfhe#24HyrWW;

User altered.

SQL>


Since we can not change the password within same day so we've updated ptime value to verify and tried again to alter password for Test11 user.






share|improve this answer












Append Below Code in "VERIFY_PASSWORD_FUNCTION" Function:



CREATE OR REPLACE FUNCTION "SYS"."VERIFY_PASSWORD_FUNCTION" 
(username varchar2,
password varchar2,
old_password varchar2)
RETURN boolean IS
last_change sys.user$.ptime%type;
minimum_age number :=1;
userexist integer;
begin
-- Set minimum password age
select count(*) into userexist from sys.user$ where name=username;
if (userexist != 0) then
select ptime into last_change from sys.user$ where name=username;
if sysdate - last_change < minimum_age then
raise_application_error(-20010, 'Password changed too soon');
END IF;
end if;
end;
/


From the above code you have to append only variables and logic.



Here is A Test Case:



SQL> create user TEST11 identified by asdfhe#24HyrE profile USERS;

User Created.

SQL> alter user test11 identified by asdfhe#24HyrWW;
alter user test11 identified by asdfhe#24HyrWW
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20010: Password changed too soon

SQL>

SQL> select name,ptime from user$ where name='TEST11';

NAME PTIME
------------------------------ ---------
TEST11 08-NOV-18

SQL> update user$ set ptime='03-Nov-18' where name='TEST11';

1 row updated.

SQL> select name,ptime from user$ where name='TEST11';

NAME PTIME
------------------------------ ---------
TEST11 03-NOV-18

SQL> commit;

Commit complete.

SQL> alter user test11 identified by asdfhe#24HyrWW;

User altered.

SQL>


Since we can not change the password within same day so we've updated ptime value to verify and tried again to alter password for Test11 user.







share|improve this answer












share|improve this answer



share|improve this answer










answered Nov 11 at 4:37









Rajesh Chaudhary

10411




10411







  • 1




    It is very bad practice to update the SYS internal tables. Obviously this is just a clever trick to test your code but don't do it in Production (or any other environment you care about) because you run the risk of invalidating your Oracle Support contract.
    – APC
    Nov 11 at 9:53











  • Yes true, we don't have to update the sys table but, sometimes we've a little different requirement by the time we can make the changes.
    – Rajesh Chaudhary
    Nov 11 at 14:08












  • 1




    It is very bad practice to update the SYS internal tables. Obviously this is just a clever trick to test your code but don't do it in Production (or any other environment you care about) because you run the risk of invalidating your Oracle Support contract.
    – APC
    Nov 11 at 9:53











  • Yes true, we don't have to update the sys table but, sometimes we've a little different requirement by the time we can make the changes.
    – Rajesh Chaudhary
    Nov 11 at 14:08







1




1




It is very bad practice to update the SYS internal tables. Obviously this is just a clever trick to test your code but don't do it in Production (or any other environment you care about) because you run the risk of invalidating your Oracle Support contract.
– APC
Nov 11 at 9:53





It is very bad practice to update the SYS internal tables. Obviously this is just a clever trick to test your code but don't do it in Production (or any other environment you care about) because you run the risk of invalidating your Oracle Support contract.
– APC
Nov 11 at 9:53













Yes true, we don't have to update the sys table but, sometimes we've a little different requirement by the time we can make the changes.
– Rajesh Chaudhary
Nov 11 at 14:08




Yes true, we don't have to update the sys table but, sometimes we've a little different requirement by the time we can make the changes.
– Rajesh Chaudhary
Nov 11 at 14:08

















 

draft saved


draft discarded















































 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53245884%2fhow-to-update-a-verify-password-function-in-oracle-for-users-to-retain-his-passw%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Top Tejano songwriter Luis Silva dead of heart attack at 64

政党

天津地下鉄3号線