Hi.
I have my oracle databases with the following verify function.
CREATE OR REPLACE NONEDITIONABLE FUNCTION "SYS"."ORA12C_STRONG_VERIFY_FUNCTION
"
(username varchar2,
password varchar2,
old_password varchar2)
return boolean IS
differ integer;
lang varchar2(512);
message varchar2(512);
ret number;
begin
-- Get the cur context lang and use utl_lms for messages- Bug 22730089
lang := sys_context('userenv','lang');
lang := substr(lang,1,instr(lang,'_')-1);
if not ora_complexity_check(password, chars => 9, uppercase => 2, lowercase =
> 2,
digit => 2, special => 2) then
return(false);
end if;
-- Check if the password differs from the previous password by at least
-- 4 characters
if old_password is not null then
differ := ora_string_distance(old_password, password);
if differ < 4 then
ret := utl_lms.get_message(28211, 'RDBMS', 'ORA', lang, message);
raise_application_error(-20000, utl_lms.format_message(message, 'four')
);
end if;
end if;
return(true);
end;
In an external audit as a vulnerable point we need to cover this point
"You must not allow consecutive or repeated characters"
How can I modify the verify function to add this condition? , or know what else I can do to verify this password condition.?
Regards