OraFAQ Forum: Marketplace » Alternative to Oracle's sample PASSWORD_VERIFY

Home » Other » Marketplace » Alternative to Oracle's sample PASSWORD_VERIFY_FUNCTION (Oracle9i, Oracle10g, Oracle11g,PASSWORD_VERIFY_FUNCTION)

Show: Today's Messages :: Polls :: Message Navigator
E-mail to friend

Alternative to Oracle's sample PASSWORD_VERIFY_FUNCTION [message #292623]

Wed, 09 January 2008 07:32

sjfletcher
Messages: 1
Registered: January 2008
Location: United Kingdom

Junior Member

Does your database use a password verification function?[ 3 votes ]
1.	Yes we use the sample function supplied by Oracle.	0 / 0%
2.	Yes we have a function specifically written/customised for our site.	2 / 67%
3.	No we don't see the need.	0 / 0%
4.	No we don't have the time/resource.	0 / 0%
5.	No we don't have the in-house expertise.	0 / 0%
6.	What's a password verification function?	1 / 33%

Hi All,

When performing database security assessments and recommending that clients utilise database profiles to enforce a password policy, we are often asked for a password verification function for use with the PASSWORD_VERIFY_FUNCTION parameter. Although Oracle does provide a sample function (VERIFY_FUNCTION), many of our customers do not have the in house expertise to make the necessary modifications to meet their password verification requirements.

So in response to our customers’ requests, we have written an alternative to the supplied password verification function that performs most of the checks our clients need, while still being easily configurable using a set of constants near the beginning of the function.

We’ve made it freely available to the public. It is available for download from our downloads page:

http://www.pentest.co.uk/cgi-bin/viewcat.cgi?cat=downloads

If you have any feedback please feel free to email me at simon.fletcher@pentest.co.uk.

We hope it proves useful.

Simon Fletcher

Database Security Consultant
Pentest Limited

Report message to a moderator

Re: Alternative to Oracle's sample PASSWORD_VERIFY_FUNCTION [message #292626 is a reply to message #292623]

Wed, 09 January 2008 07:45

Michel Cadot
Messages: 68716
Registered: March 2007
Location: Saint-Maur, France, https...

Senior Member
Account Moderator

Quote:

many of our customers do not have the in house expertise to make the necessary modifications to meet their password verification requirements.

It is simple PL/SQL, they just have to hire a trainee or beginner to write it.

Quote:

We’ve made it freely available to the public. It is available for download from our downloads page:

This must be in Marketplace forum.

Regards
Michel

Report message to a moderator

Previous Topic:	Opening: Oracle DB Developers (Philadelphia area)
Next Topic:	Oracle Consultant Financial (GL-AP-FA-AR-CM)

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Mon Nov 25 08:08:05 CST 2024