We have a SQL Server 2005 database running on a Windows Server 2003 machine. This database is now required to enforce password change variance for its logins, i.e. new passwords should differ from old ones by at least n characters. The logins use SQL Server Authentication. We have Enforce Password Policy checked for these logins, but the Windows password complexity policy doesn't include the required variance rule.
Is there a way to implement this rule with a trigger or some other mechanism within SQL Server? We'd rather not resort to something exotic, like trying to decompile and edit passfilt.dll.
Let me know if I've left out any useful information, and thank you for any help you can provide.
I would use the Levenshtein distance:
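CREATE FUNCTION edit_distance_within(@s nvarchar(4000), @t nvarchar(4000), @d int)
RETURNS int
AS
BEGIN
    -- @cv1 / @cv0 hold the previous / current row of the distance matrix,
    -- one cell per character (each cell value is stored as a character code).
    DECLARE @sl int, @tl int, @i int, @j int, @sc nchar, @c int, @c1 int,
        @cv0 nvarchar(4000), @cv1 nvarchar(4000), @cmin int
    SELECT @sl = LEN(@s), @tl = LEN(@t), @cv1 = '', @j = 1, @i = 1, @c = 0
    -- Row 0: distance from the empty string to each prefix of @t.
    WHILE @j <= @tl
        SELECT @cv1 = @cv1 + NCHAR(@j), @j = @j + 1
    WHILE @i <= @sl
    BEGIN
        SELECT @sc = SUBSTRING(@s, @i, 1), @c1 = @i, @c = @i, @cv0 = '', @j = 1, @cmin = 4000
        WHILE @j <= @tl
        BEGIN
            SET @c = @c + 1  -- left cell + 1
            -- diagonal cell + 1, minus 1 when the characters match
            SET @c1 = @c1 - CASE WHEN @sc = SUBSTRING(@t, @j, 1) THEN 1 ELSE 0 END
            IF @c > @c1 SET @c = @c1
            SET @c1 = UNICODE(SUBSTRING(@cv1, @j, 1)) + 1  -- cell above + 1
            IF @c > @c1 SET @c = @c1
            IF @c < @cmin SET @cmin = @c
            SELECT @cv0 = @cv0 + NCHAR(@c), @j = @j + 1
        END
        -- Every cell in this row already exceeds @d, so the final distance must too.
        IF @cmin > @d BREAK
        SELECT @cv1 = @cv0, @i = @i + 1
    END
    -- Return the distance when it meets the threshold, otherwise -1.
    -- Only the final cell @c is tested: also requiring @cmin >= @d would return -1
    -- for a qualifying password whenever another cell in the last row is below @d.
    -- After an early exit the value is above @d but is not the exact distance.
    RETURN CASE WHEN @c >= @d THEN @c ELSE -1 END
END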
Create this function, then call the distance of the old and new passwords using this query:
select dbo.edit_distance_within(@s,@t,@d)
Where @s is the source string (old password), @t is the target (new password), and @d is the minimum change threshold.
Clarification: The Levenshtein distance calculates the variance by counting how many individual character changes it would take to match the source to the target.
EXAMPLE:
-- SQL Server 2005 does not allow initializers in DECLARE, so assign separately.
DECLARE @s varchar(200), @t varchar(200), @d int
SELECT @s = 'stackoverflow', @t = 'lackdoversow', @d = 5
select dbo.edit_distance_within(@s,@t,@d)
Result: 5
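One way to wire the function into an actual password change, as an added example that is not part of the original answer and goes a step beyond it. It assumes users change their own password only through this procedure and supply the old password, since SQL Server stores only a hash of it; the procedure and parameter names are hypothetical.

```sql
-- Added example: hypothetical wrapper, not code from the original answer.
-- Assumes dbo.edit_distance_within (defined above) exists in this database.
CREATE PROCEDURE dbo.change_own_password   -- hypothetical name
    @old_password sysname,                 -- sysname = nvarchar(128), the login password limit
    @new_password sysname,
    @min_changes  int                      -- the required variance "n"
AS
BEGIN
    SET NOCOUNT ON

    -- The function returns -1 when the edit distance is below the threshold.
    IF dbo.edit_distance_within(@old_password, @new_password, @min_changes) = -1
    BEGIN
        RAISERROR('New password must differ from the old one by at least %d characters.',
                  16, 1, @min_changes)
        RETURN
    END

    -- ALTER LOGIN does not accept variables, so the statement is built dynamically.
    -- QUOTENAME escapes the login name as an identifier and each password as a
    -- string literal, so a quote inside a password cannot break out of the literal.
    DECLARE @sql nvarchar(1000)
    SET @sql = N'ALTER LOGIN ' + QUOTENAME(ORIGINAL_LOGIN())
             + N' WITH PASSWORD = ' + QUOTENAME(@new_password, '''')
             + N' OLD_PASSWORD = ' + QUOTENAME(@old_password, '''')

    -- OLD_PASSWORD makes the server verify the old password itself, which also
    -- confirms that the value used for the distance check was the real one.
    -- Errors from ALTER LOGIN (wrong old password, policy violation) reach the caller.
    EXEC (@sql)
END
```

The function compares characters under the database's default collation, so with a case-insensitive collation a change of letter case alone counts as zero edits.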