Oracle Database Asset Protection Standards:: Difference between revisions

From HORSE - Holistic Operational Readiness Security Evaluation.
Jump to navigation Jump to search
No edit summary
No edit summary
Line 1: Line 1:
Oracle can manage passwords through profiles. Some of the things that one can restrict:<br>
<br>
:'''FAILED_LOGIN_ATTEMPTS''' - failed login attempts before the account is locked.<br>
:'''PASSWORD_LIFE_TIME''' - limits the number of days the same password can be used for authentication.<br>
:'''PASSWORD_REUSE_TIME''' - number of days before a password can be reused.<br>
:'''PASSWORD_REUSE_MAX''' - number of password changes required before the current password can be reused.<br>
:'''PASSWORD_LOCK_TIME''' - number of days an account will be locked after maximum failed login attempts.<br>
:'''PASSWORD_GRACE_TIME''' - number of days after the grace period begins during which a warning is issued and login is allowed.<br>
:'''PASSWORD_VERIFY_FUNCTION''' - password complexity verification script.<br>
<br>
You should specify a profile when you create a user. A profile is a set of limits on database resources and password access to the database. If no profile is specified, the user is assigned a default profile.<br>
<br>
Complex password enforcement script example. [[Media:PASSWORD_FUNCTION.doc]]<br>
Complex password enforcement script example. [[Media:PASSWORD_FUNCTION.doc]]<br>
 
<br>
--[[User:Mdpeters|Mdpeters]] 10:36, 16 November 2006 (EST)
--[[User:Mdpeters|Mdpeters]] 10:36, 16 November 2006 (EST)

Revision as of 15:42, 16 November 2006

Oracle can manage passwords through profiles. Some of the things that one can restrict:

FAILED_LOGIN_ATTEMPTS - failed login attempts before the account is locked.
PASSWORD_LIFE_TIME - limits the number of days the same password can be used for authentication.
PASSWORD_REUSE_TIME - number of days before a password can be reused.
PASSWORD_REUSE_MAX - number of password changes required before the current password can be reused.
PASSWORD_LOCK_TIME - number of days an account will be locked after maximum failed login attempts.
PASSWORD_GRACE_TIME - number of days after the grace period begins during which a warning is issued and login is allowed.
PASSWORD_VERIFY_FUNCTION - password complexity verification script.


You should specify a profile when you create a user. A profile is a set of limits on database resources and password access to the database. If no profile is specified, the user is assigned a default profile.

Complex password enforcement script example. Media:PASSWORD_FUNCTION.doc

--Mdpeters 10:36, 16 November 2006 (EST)