SQL Server 2005 login password change variance

We have a SQL Server 2005 database running on a Windows Server 2003 machine. This database is now required to enforce password change variance for its logins, i.e. new passwords should differ from old ones by at least n characters. The logins use SQL Server Authentication. We have Enforce Password Policy checked for these logins, but the Windows password complexity policy doesn't include the required variance rule.

Is there a way to implement this rule with a trigger or some other mechanism within SQL Server? We'd rather not resort to something exotic, like trying to decompile and edit passfilt.dll.

Let me know if I've left out any useful information, and thank you for any help you can provide.

I would use the Levenshtein distance:

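CREATE FUNCTION edit_distance_within(@s nvarchar(4000), @t nvarchar(4000), @d int)
RETURNS int
AS
BEGIN
  -- Returns a value >= @d (the Levenshtein distance, unless the loop stopped early)
  -- when @s and @t differ by at least @d edits, otherwise -1.
  -- Characters are compared under the database collation, so with a
  -- case-insensitive collation a case-only change counts as no change.
  DECLARE @sl int, @tl int, @i int, @j int, @sc nchar, @c int, @c1 int,
    @cv0 nvarchar(4000), @cv1 nvarchar(4000), @cmin int
  SELECT @sl = LEN(@s), @tl = LEN(@t), @cv1 = '', @j = 1, @i = 1, @c = 0
  -- Row 0 of the cost matrix, stored one character code per cell: cell j holds j
  WHILE @j <= @tl
    SELECT @cv1 = @cv1 + NCHAR(@j), @j = @j + 1
  WHILE @i <= @sl
  BEGIN
    -- @c starts as the left border (i); @c1 carries "diagonal cell + 1"
    SELECT @sc = SUBSTRING(@s, @i, 1), @c1 = @i, @c = @i, @cv0 = '', @j = 1, @cmin = 4000
    WHILE @j <= @tl
    BEGIN
      SET @c = @c + 1  -- insertion: left cell + 1
      SET @c1 = @c1 - CASE WHEN @sc = SUBSTRING(@t, @j, 1) THEN 1 ELSE 0 END  -- substitution, free on a match
      IF @c > @c1 SET @c = @c1
      SET @c1 = UNICODE(SUBSTRING(@cv1, @j, 1)) + 1  -- deletion: cell above + 1 (also the next diagonal + 1)
      IF @c > @c1 SET @c = @c1
      IF @c < @cmin SET @cmin = @c  -- smallest cost in this row
      SELECT @cv0 = @cv0 + NCHAR(@c), @j = @j + 1
    END
    -- Every cell in this row already exceeds @d, so the final distance does too.
    -- After this early exit @c is greater than @d but is not the exact distance.
    IF @cmin > @d BREAK
    SELECT @cv1 = @cv0, @i = @i + 1
  END
  -- Test only the final cell @c. The row minimum @cmin can be below @d even when
  -- the distance is not (for example when characters are only appended), so also
  -- requiring @cmin >= @d would wrongly return -1 in that case.
  RETURN CASE WHEN @c >= @d THEN @c ELSE -1 END
END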

Create this function, then compute the distance between the old and new passwords using this query:

select
 dbo.edit_distance_within(@s,@t,@d)

Where @s is the source string (old password), @t is the target (new password), and @d is the minimum change threshold.

Clarification: The Levenshtein distance calculates the variance by counting how many individual character changes it would take to match the source to the target.

EXAMPLE:

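-- SQL Server 2005 does not accept an initializer in DECLARE, so assign separately
DECLARE @s varchar(200), @t varchar(200), @d int
SELECT @s = 'stackoverflow',
       @t = 'lackdoversow',
       @d = 5
select
     dbo.edit_distance_within(@s,@t,@d)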

Result: 5
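
One way to apply the distance function at password-change time, as an added example that is not part of the original answer: a procedure that takes the old and new passwords, rejects the change when the function returns -1, and otherwise issues ALTER LOGIN with OLD_PASSWORD for the caller's own login. The procedure name dbo.change_own_password and its parameter names are assumptions.

```sql
-- Added example. dbo.change_own_password and its parameters are hypothetical names.
CREATE PROCEDURE dbo.change_own_password
  @old nvarchar(128),
  @new nvarchar(128),
  @min_changes int
AS
BEGIN
  SET NOCOUNT ON
  DECLARE @sql nvarchar(1000)

  -- edit_distance_within returns -1 when the passwords differ by too little.
  -- ISNULL makes an unexpected NULL result fail closed as well.
  IF ISNULL(dbo.edit_distance_within(@old, @new, @min_changes), -1) = -1
  BEGIN
    RAISERROR('New password must differ from the old one by at least %d characters.',
              16, 1, @min_changes)
    RETURN 1
  END

  -- ALTER LOGIN accepts literals only, so the statement is built dynamically.
  -- QUOTENAME escapes the login name and both password literals.
  -- Supplying OLD_PASSWORD makes the server verify @old: if it is not the
  -- login's current password, the statement fails and nothing changes.
  -- SUSER_SNAME() limits the change to the caller's own login.
  SET @sql = N'ALTER LOGIN ' + QUOTENAME(SUSER_SNAME())
           + N' WITH PASSWORD = ' + QUOTENAME(@new, '''')
           + N' OLD_PASSWORD = ' + QUOTENAME(@old, '''')
  EXEC (@sql)
  IF @@ERROR <> 0 RETURN 1
  RETURN 0
END
```

A login can still run ALTER LOGIN on itself directly, so the variance rule holds only when password changes are routed through a procedure like this one.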
