Oracle Database Asset Protection Standards:

From HORSE - Holistic Operational Readiness Security Evaluation.
Revision as of 15:42, 16 November 2006 by Mdpeters

Oracle can manage passwords through profiles. A profile can restrict, among other things:

FAILED_LOGIN_ATTEMPTS - number of failed login attempts allowed before the account is locked.
PASSWORD_LIFE_TIME - limits the number of days the same password can be used for authentication.
PASSWORD_REUSE_TIME - number of days before a password can be reused.
PASSWORD_REUSE_MAX - number of password changes required before the current password can be reused.
PASSWORD_LOCK_TIME - number of days an account will be locked after maximum failed login attempts.
PASSWORD_GRACE_TIME - number of days after the grace period begins during which a warning is issued and login is allowed.
PASSWORD_VERIFY_FUNCTION - password complexity verification script.


You should specify a profile when you create a user. A profile is a set of limits on database resources and password access to the database. If no profile is specified, the user is assigned a default profile.
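
The following is an added example, not part of the original page: it sets each parameter listed above in one profile, assigns the profile at user creation, and then audits for accounts and profiles that escape the policy. The profile name, user names, password literal, limit values and verification function name are all hypothetical placeholders.

```sql
-- Added example; every name and limit value below is a constructed placeholder.
-- The verification function must already exist and be owned by SYS.
-- Integer values for both REUSE limits need Oracle Database 10g or later;
-- earlier releases require one of the two to be UNLIMITED.
CREATE PROFILE app_user_profile LIMIT
  FAILED_LOGIN_ATTEMPTS    5      -- lock after 5 consecutive failed logins
  PASSWORD_LOCK_TIME       1      -- keep the account locked for 1 day
  PASSWORD_LIFE_TIME       90     -- password expires after 90 days
  PASSWORD_GRACE_TIME      7      -- 7 days of warnings before login is refused
  PASSWORD_REUSE_TIME      365    -- old password unusable for 365 days
  PASSWORD_REUSE_MAX       10     -- and until 10 other changes have occurred
  PASSWORD_VERIFY_FUNCTION app_verify_function;

-- Assign the profile explicitly when the user is created, and force a
-- password change at first login.
CREATE USER app_reader
  IDENTIFIED BY "Placeholder_Pw_1!"
  PROFILE app_user_profile
  PASSWORD EXPIRE;

-- Move an existing account off the default profile.
ALTER USER legacy_app PROFILE app_user_profile;

-- Audit 1: accounts that were created without a profile (or never moved)
-- and therefore still use the DEFAULT profile.
SELECT username, account_status
  FROM dba_users
 WHERE profile = 'DEFAULT'
 ORDER BY username;

-- Audit 2: password limits that are effectively switched off.
-- 'NULL' is how DBA_PROFILES reports a missing PASSWORD_VERIFY_FUNCTION.
SELECT profile, resource_name, limit
  FROM dba_profiles
 WHERE resource_type = 'PASSWORD'
   AND limit IN ('UNLIMITED', 'NULL')
 ORDER BY profile, resource_name;
```

A limit reported as `DEFAULT` in `DBA_PROFILES` means the profile inherits that setting from the `DEFAULT` profile, so the second audit query should be read together with the rows for `DEFAULT` itself.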

Complex password enforcement script example: Media:PASSWORD_FUNCTION.doc

--Mdpeters 10:36, 16 November 2006 (EST)