Oracle, enforce password control

by · December 1, 2014

Oracle’s security (by default) is limited. A user can choose single character password and password that
match their names, etc, . Also, password never expire.
Oracle allowing to manage password through profiles.
Following are some parameters that can be set in the user profile
 FAILED_LOGIN_ATTEMPTS – failed login attempts before the account is locked
 PASSWORD_LIFE_TIME – limits the number of days the same password can be used for
authentication
 PASSWORD_REUSE_TIME – number of days before a password can be reused
 PASSWORD_REUSE_MAX – number of password changes required before the current
password can be reused
 PASSWORD_LOCK_TIME – number of days an account will be locked after maximum
failed login attempts
An example of how to force the user to change password after 15 days :
CREATE PROFILE p_usr LIMIT
PASSWORD_LIFE_TIME 15;
ALTER USER etica PROFILE p_usr;

Tags:

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *