Creating a Password Function v12
When specifying PASSWORD_VERIFY_FUNCTION
, you can provide a customized function that specifies the security rules that will be applied when your users change their password. For example, you can specify rules that stipulate that the new password must be at least n characters long, and may not contain a specific value.
The password function has the following signature:
Where:
user_name
is the name of the user.new_password
is the new password.old_password
is the user's previous password. If you reference this parameter within your function:
When a database superuser changes their password, the third parameter will always be NULL
.
When a user with the CREATEROLE
attribute changes their password, the parameter will pass the previous password if the statement includes the REPLACE
clause. Note that the REPLACE
clause is optional syntax for a user with the CREATEROLE
privilege.
When a user that is not a database superuser and does not have the CREATEROLE
attribute changes their password, the third parameter will contain the previous password for the role.
The function returns a Boolean value. If the function returns true and does not raise an exception, the password is accepted; if the function returns false or raises an exception, the password is rejected. If the function raises an exception, the specified error message is displayed to the user. If the function does not raise an exception, but returns false, the following error message is displayed:
ERROR: password verification for the specified password failed
The function must be owned by a database superuser, and reside in the sys
schema.
Example:
The following example creates a profile and a custom function; then, the function is associated with the profile. The following CREATE PROFILE
command creates a profile named acctg_pwd_profile
:
The following commands create a (schema-qualified) function named verify_password
:
The function first ensures that the password is at least 5 characters long, and then compares the new password to the old password. If the new password contains fewer than 5 characters, or contains the old password, the function raises an error.
The following statement sets the ownership of the verify_password
function to the enterprisedb
database superuser:
Then, the verify_password
function is associated with the profile:
The following statements confirm that the function is working by first creating a test user (alice)
, and then attempting to associate invalid and valid passwords with her role:
Then, when alice
connects to the database and attempts to change her password, she must adhere to the rules established by the profile function. A non-superuser without CREATEROLE
must include the REPLACE
clause when changing a password:
The new password must be at least 5 characters long:
If the new password is acceptable, the command completes without error:
If alice
decides to change her password, the new password must not contain the old password:
To remove the verify function, set password_verify_function
to NULL
:
Then, all password constraints will be lifted: