DEVFYI - Developer Resource - FYI


ORACLE Interview Questions and Answers (Part 4)



608. How does one enforce strict password control? (for DBA)

By default, Oracle's password security is weak. For example, Oracle will allow users to choose single-character passwords and passwords that match their names and userids. Passwords also never expire. This means that an account can be attacked with password guesses for years without the user ever being locked out.
From Oracle8 onward, passwords can be managed through profiles. Some of the things that a profile can restrict:
- FAILED_LOGIN_ATTEMPTS - failed login attempts before the account is locked
- PASSWORD_LIFE_TIME - limits the number of days the same password can be used for authentication
- PASSWORD_REUSE_TIME - number of days before a password can be reused
- PASSWORD_REUSE_MAX - number of password changes required before the current password can be reused
- PASSWORD_LOCK_TIME - number of days an account will be locked after the maximum number of failed login attempts
- PASSWORD_GRACE_TIME - number of days after the grace period begins during which a warning is issued and login is still allowed
- PASSWORD_VERIFY_FUNCTION - password complexity verification function
Look at this simple example:
CREATE PROFILE my_profile LIMIT
PASSWORD_LIFE_TIME 30;
ALTER USER scott PROFILE my_profile;
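The following is an added example, not part of the original answer: a profile that uses every limit listed above together with a custom PASSWORD_VERIFY_FUNCTION that rejects the weaknesses the answer names (very short passwords and passwords equal to the username), followed by a query that finds users whose profile still never expires passwords. It assumes it is run as SYS (verify functions must be created in the SYS schema), that the user SCOTT exists, and the limit values are illustrative choices.

```sql
-- Added example (not from the original page). Run as SYS.
-- 1. Complexity check. Oracle calls this with the plaintext new password
--    and the old one; returning TRUE accepts, raising an error rejects.
CREATE OR REPLACE FUNCTION strict_verify (
    username     VARCHAR2,
    password     VARCHAR2,
    old_password VARCHAR2
) RETURN BOOLEAN IS
BEGIN
    -- no single-character (or otherwise short) passwords
    IF LENGTH(password) < 12 THEN
        RAISE_APPLICATION_ERROR(-20001, 'Password must be at least 12 characters');
    END IF;
    -- no password equal to the userid
    IF UPPER(password) = UPPER(username) THEN
        RAISE_APPLICATION_ERROR(-20002, 'Password must not match the username');
    END IF;
    -- require a mix of letters and digits
    IF NOT REGEXP_LIKE(password, '[0-9]') OR NOT REGEXP_LIKE(password, '[A-Za-z]') THEN
        RAISE_APPLICATION_ERROR(-20003, 'Password needs both letters and digits');
    END IF;
    -- changing only the case of the old password is not a change
    IF old_password IS NOT NULL AND UPPER(password) = UPPER(old_password) THEN
        RAISE_APPLICATION_ERROR(-20004, 'New password is the old password in different case');
    END IF;
    RETURN TRUE;
END;
/

-- 2. Profile setting every limit the answer lists (values are illustrative).
CREATE PROFILE strict_profile LIMIT
    FAILED_LOGIN_ATTEMPTS    5
    PASSWORD_LOCK_TIME       1
    PASSWORD_LIFE_TIME       90
    PASSWORD_GRACE_TIME      7
    PASSWORD_REUSE_TIME      365
    PASSWORD_REUSE_MAX       10
    PASSWORD_VERIFY_FUNCTION strict_verify;

ALTER USER scott PROFILE strict_profile;

-- 3. Check: which users are still on a profile whose passwords never expire?
SELECT u.username, u.profile
FROM   dba_users    u
JOIN   dba_profiles p ON p.profile = u.profile
WHERE  p.resource_name = 'PASSWORD_LIFE_TIME'
AND    p.limit = 'UNLIMITED';
```

Users that appear in the final query are on a profile (typically DEFAULT) that still behaves as described at the top of the answer, and are candidates for ALTER USER ... PROFILE.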

