Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

how do I modify a function to include password complexity of not having more than 3 characters of the same class consecutively

Posted on 2014-07-17
2
Medium Priority
?
634 Views
Last Modified: 2014-07-18
I have a function that checks for strong password during user creation. I need to include a rule that the password should have no more than 3 characters of the same class
for example the password should not contain 4 lower case char, 4 numbers, 4 special characters consecutively

Below the function:

BEGIN
    -- Check if the password is same as the username
    IF NLS_LOWER(password) = NLS_LOWER(username)
    THEN
        RAISE_APPLICATION_ERROR(-20001, 'Password same as or similar to user');
    END IF;

    -- Check for the minimum length of the password
    IF LENGTH(password) < 12
    THEN
        RAISE_APPLICATION_ERROR(-20002, 'Password length less than 12');
    END IF;

    -- check for 2 digits
    IF REGEXP_INSTR(
           password,
           '[0-9]',
           1,
           2
       ) = 0
    THEN
        RAISE_APPLICATION_ERROR(-20003, 'Password should contain at least 2 digits');
    END IF;

    -- check for 2 upper
    IF REGEXP_INSTR(
           password,
           '[A-Z]',
           1,
           2
       ) = 0
    THEN
        RAISE_APPLICATION_ERROR(-20004, 'Password should contain at least 2 upper-case characters');
    END IF;

    -- check for 2 lower
    IF REGEXP_INSTR(
           password,
           '[a-z]',
           1,
           2
       ) = 0
    THEN
        RAISE_APPLICATION_ERROR(-20005, 'Password should contain at least 2 lower-case characters');
    END IF;

    -- check for 2 special
    IF REGEXP_INSTR(
           password,
           '["#$%&()!`*+,-/:;<=>?_]',
           1,
           2
       ) = 0
    THEN
        RAISE_APPLICATION_ERROR(-20003, 'Password should contain at least 2 special characters');
    END IF;

    RETURN TRUE;
END;

How do I modify it to include this rule?
0
Comment
Question by:sikyala
2 Comments
 
LVL 74

Accepted Solution

by:
sdstuber earned 2000 total points
ID: 40202285
try this...

CREATE OR REPLACE FUNCTION verify_function_11g(
    username        VARCHAR2,
    password        VARCHAR2,
    old_password    VARCHAR2
)
    RETURN BOOLEAN
IS
    n               BOOLEAN;
    m               INTEGER;
    differ          INTEGER;
    db_name         VARCHAR2(40);
    i_char          VARCHAR2(10);
    simple_password VARCHAR2(10);
    reverse_user    VARCHAR2(32);
BEGIN
    -- Check if the password is same as the username
    IF NLS_LOWER(password) = NLS_LOWER(username)
    THEN
        RAISE_APPLICATION_ERROR(-20001, 'Password same as or similar to user');
    END IF;

    -- Check for the minimum length of the password
    IF LENGTH(password) < 12
    THEN
        RAISE_APPLICATION_ERROR(-20002, 'Password length less than 12');
    END IF;

    -- check for 2 digits
    IF REGEXP_INSTR(
           password,
           '[0-9]',
           1,
           2
       ) = 0
    THEN
        RAISE_APPLICATION_ERROR(-20003, 'Password should contain at least 2 digits');
    END IF;

    -- check for 2 upper
    IF REGEXP_INSTR(
           password,
           '[A-Z]',
           1,
           2
       ) = 0
    THEN
        RAISE_APPLICATION_ERROR(-20004, 'Password should contain at least 2 upper-case characters');
    END IF;

    -- check for 2 lower
    IF REGEXP_INSTR(
           password,
           '[a-z]',
           1,
           2
       ) = 0
    THEN
        RAISE_APPLICATION_ERROR(-20005, 'Password should contain at least 2 lower-case characters');
    END IF;

    -- check for 2 special
    IF REGEXP_INSTR(
           password,
           '["#$%&()!`*+,-/:;<=>?_]',
           1,
           2
       ) = 0
    THEN
        RAISE_APPLICATION_ERROR(-20003, 'Password should contain at least 2 special characters');
    END IF;

    -- check for 4 or more consecutive digits
    IF REGEXP_INSTR(password, '[0-9]{4,}') != 0
    THEN
        RAISE_APPLICATION_ERROR(-20003, 'Password should not contain 4 consecutive digits');
    END IF;

    -- check for 4 or more consecutive upper
    IF REGEXP_INSTR(password, '[A-Z]{4,}') != 0
    THEN
        RAISE_APPLICATION_ERROR(
            -20004,
            'Password should not contain 4 consecutive upper-case characters'
        );
    END IF;

    -- check for 4 or more consecutive lower
    IF REGEXP_INSTR(password, '[a-z]{4,}') != 0
    THEN
        RAISE_APPLICATION_ERROR(
            -20005,
            'Password should not contain 4 consecutive lower-case characters'
        );
    END IF;

    -- check for 4 or more consecutive special
    IF REGEXP_INSTR(password, '["#$%&()!`*+,-/:;<=>?_]{4,}') != 0
    THEN
        RAISE_APPLICATION_ERROR(
            -20003,
            'Password should not contain 4 consecutive special characters'
        );
    END IF;

    RETURN TRUE;
END;

Open in new window

0
 

Author Closing Comment

by:sikyala
ID: 40205052
excellent!
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This post first appeared at Oracleinaction  (http://oracleinaction.com/undo-and-redo-in-oracle/)by Anju Garg (Myself). I  will demonstrate that undo for DML’s is stored both in undo tablespace and online redo logs. Then, we will analyze the reaso…
Checking the Alert Log in AWS RDS Oracle can be a pain through their user interface.  I made a script to download the Alert Log, look for errors, and email me the trace files.  In this article I'll describe what I did and share my script.
Video by: Steve
Using examples as well as descriptions, step through each of the common simple join types, explaining differences in syntax, differences in expected outputs and showing how the queries run along with the actual outputs based upon a simple set of dem…
This video shows how to Export data from an Oracle database using the Original Export Utility.  The corresponding Import utility, which works the same way is referenced, but not demonstrated.
Suggested Courses
Course of the Month15 days, 17 hours left to enroll

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question