Question

oracle验证功能包括检查最后一个密码的距离的设置。 ora12c_verify_function：

   -- Check if the password differs from the previous password by at least
   -- 3 characters
   IF old_password IS NOT NULL THEN
     differ := string_distance(old_password, password);
     IF differ < 3 THEN
        raise_application_error(-20010, 'Password should differ from the ' 
                                || 'old password by at least 3 characters');
     END IF;
   END IF ;

   RETURN(TRUE);
END;

为什么只能用一个不同的字符更改密码？

Connected to:
Oracle Database 12c Standard Edition Release 12.1.0.2.0 - 64bit Production

SQL> ALTER USER TEST PROFILE DEFAULT;
SQL> ALTER PROFILE default LIMIT PASSWORD_VERIFY_FUNCTION ora12c_verify_function;

SQL> alter user test identified by "123456789_abc!";

User altered.

SQL> alter user test identified by "123456789_abc!";
alter user test identified by "123456789_abc!"
*
ERROR at line 1:
ORA-28007: the password cannot be reused


SQL> alter user test identified by "123456789_abcd!";

User altered.

Answer 1

我在Oracle Support Doc ID 816932.1上找到了灵魂。该问题与以下事实有关：ALTER USER权限不要求用户知道旧密码，因此在使用此权限时它不会检查此旧密码。如果没有权限，用户需要使用REPLACE命令提供旧密码。

ALTER USER SCOTT IDENTIFIED BY NEWPASSWORD REPLACE TIGER;

Oracle验证函数12c - 字符串距离

1 个答案: