User SYS Is Immune To The Complexity Function

Today at work someone asked me about securing the SYS password by using the complexity function, but it didn't work. First of all, I have to say that I needed to review the documentation; this is a 12c version and new features can apply. Reading the doc, I could see there are three password verification functions:

verify_function_11G

  • It is the same function as in the 11g version.
  • The password is not the same as the user name.
  • The password is not too simple.
  • The password includes at least 1 numeric and 1 alphabetic character.
  • The password differs from the previous password by at least 3 characters.
  • The password contains no fewer than 8 characters

ora12c_verify_function

  • The password contains no fewer than 8 characters and includes at least 1 numeric and 1 alphabetic character.
  • The password is not the same as the user name or the user name reversed.
  • The password is not the same as the server name.
  • The password does not contain the word oracle.
  • The password differs from the previous password by at least 3 characters.
  • The password contains at least one special character.

ora12c_strong_verify_function

  • The password must contain at least two upper case characters, two lower case characters, two numeric characters, and two special characters. These special characters are as follows: ‘ ~ ! @ # $ % ^ & * ( ) _ - + = { } [ ] \ / < > , . ; ? ‘ : | (space)
  • The password must differ from the previous password by at least four characters.
  • The password contains no fewer than 9 characters.

For more information, please refer to the Oracle documentation at:

https://docs.oracle.com/database/121/DBSEG/authentication.htm#DBSEG3225

The issue is that these functions do not affect user SYS. This user is exempt from this security policy.

HTH – Antonio NAVARRO
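Because the database does not apply these functions to SYS, a candidate SYS password can be checked outside the database before it is set. The Python below is an added example, not code from the original post and not Oracle's PL/SQL; it applies the rule lists above for ora12c_verify_function and ora12c_strong_verify_function. Assumptions: the function names, case-insensitive name comparisons, the way character differences are counted, and reading the quote glyphs in the special-character list as ` and '.

```python
# Added example: offline check of a candidate SYS password against the
# rule lists on this page. This is not Oracle's PL/SQL implementation.

# Special characters from the page's list; its two quote glyphs are
# read here as ` and ' (assumption).
SPECIALS = set("`~!@#$%^&*()_-+={}[]\\/<>,.;?':| ")


def count(pw, pred):
    """Number of characters in pw for which pred is true."""
    return sum(1 for c in pw if pred(c))


def differs_by(new, old):
    # Assumption: positional mismatches plus the length difference.
    return sum(a != b for a, b in zip(new, old)) + abs(len(new) - len(old))


def ora12c_failures(pw, user, server, old=None):
    """Rules listed for ora12c_verify_function that pw does not meet."""
    low, fails = pw.lower(), []
    if len(pw) < 8:
        fails.append("shorter than 8 characters")
    if not (count(pw, str.isdigit) and count(pw, str.isalpha)):
        fails.append("needs 1 numeric and 1 alphabetic character")
    if low in (user.lower(), user.lower()[::-1]):
        fails.append("same as user name or user name reversed")
    if low == server.lower():
        fails.append("same as server name")
    if "oracle" in low:
        fails.append("contains the word oracle")
    if old is not None and differs_by(pw, old) < 3:
        fails.append("differs from previous password by fewer than 3 characters")
    if not count(pw, SPECIALS.__contains__):
        fails.append("no special character")
    return fails


def strong_failures(pw, old=None):
    """Rules listed for ora12c_strong_verify_function that pw does not meet."""
    fails = []
    for label, pred in (("upper case", str.isupper), ("lower case", str.islower),
                        ("numeric", str.isdigit), ("special", SPECIALS.__contains__)):
        if count(pw, pred) < 2:
            fails.append("fewer than 2 " + label + " characters")
    if old is not None and differs_by(pw, old) < 4:
        fails.append("differs from previous password by fewer than 4 characters")
    if len(pw) < 9:
        fails.append("shorter than 9 characters")
    return fails
```

An empty list means the candidate meets every rule in that list; the sample user and server names passed in are whatever the caller supplies.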
