You can create a custom function to verify passwords by using the Amazon RDS
procedure rdsadmin.rdsadmin_password_verify.create_verify_function
.
The create_verify_function
procedure is supported for all versions
of RDS for Oracle.
The create_verify_function
procedure has the following parameters.
Parameter name | Data type | Default | Required | Description |
---|---|---|---|---|
|
varchar2 |
— |
Yes |
The name for your custom function. This function is created for you in the SYS schema. You assign this function to user profiles. |
|
number |
8 |
No |
The minimum number of characters required. |
|
number |
256 |
No |
The maximum number of characters allowed. |
|
number |
1 |
No |
The minimum number of letters required. |
|
number |
0 |
No |
The minimum number of uppercase letters required. |
|
number |
0 |
No |
The minimum number of lowercase letters required. |
|
number |
1 |
No |
The minimum number of digits required. |
|
number |
0 |
No |
The minimum number of special characters required. |
|
number |
3 |
No |
The minimum number of different characters required between the old and new password. |
|
boolean |
true |
No |
Set to |
|
boolean |
true |
No |
Set to |
|
boolean |
true |
No |
Set to |
|
boolean |
true |
No |
Set to |
|
boolean |
false |
No |
Set to |
|
boolean |
false |
No |
Set to |
You can create multiple password verification functions.
There are restrictions on the name of your custom function. Your custom
function can't have the same name as an existing system object. The name can be
no more than 30 characters long. Also, the name must include one of the
following strings: PASSWORD
, VERIFY
,
COMPLEXITY
, ENFORCE
, or STRENGTH
.
The following example creates a function named
CUSTOM_PASSWORD_FUNCTION
. The function requires that a password
has at least 12 characters, 2 uppercase characters, 1 digit, and 1 special
character, and that the password disallows the @ character.
begin
rdsadmin.rdsadmin_password_verify.create_verify_function(
p_verify_function_name => 'CUSTOM_PASSWORD_FUNCTION
',
p_min_length => 12
,
p_min_uppercase => 2
,
p_min_digits => 1
,
p_min_special => 1
,
p_disallow_at_sign => true
);
end;
/
To see the text of your verification function, query DBA_SOURCE
.
The following example gets the text of a custom password function named
CUSTOM_PASSWORD_FUNCTION
.
COL TEXT FORMAT a150
SELECT TEXT
FROM DBA_SOURCE
WHERE OWNER = 'SYS'
AND NAME = 'CUSTOM_PASSWORD_FUNCTION
'
ORDER BY LINE;
To associate your verification function with a user profile, use alter
profile
. The following example associates a verification function
with the DEFAULT
user profile.
ALTER PROFILE DEFAULT
LIMIT PASSWORD_VERIFY_FUNCTION CUSTOM_PASSWORD_FUNCTION
;
To see what user profiles are associated with what verification functions,
query DBA_PROFILES
. The following example gets the profiles that
are associated with the custom verification function named
CUSTOM_PASSWORD_FUNCTION
.
SELECT * FROM DBA_PROFILES WHERE RESOURCE_NAME = 'PASSWORD' AND LIMIT = 'CUSTOM_PASSWORD_FUNCTION
';
PROFILE RESOURCE_NAME RESOURCE LIMIT
------------------------- -------------------------------- -------- ------------------------
DEFAULT PASSWORD_VERIFY_FUNCTION PASSWORD CUSTOM_PASSWORD_FUNCTION
The following example gets all profiles and the password verification functions that they are associated with.
SELECT * FROM DBA_PROFILES WHERE RESOURCE_NAME = 'PASSWORD_VERIFY_FUNCTION';
PROFILE RESOURCE_NAME RESOURCE LIMIT
------------------------- -------------------------------- -------- ------------------------
DEFAULT PASSWORD_VERIFY_FUNCTION PASSWORD CUSTOM_PASSWORD_FUNCTION
RDSADMIN PASSWORD_VERIFY_FUNCTION PASSWORD NULL