Managing Password Security And Resources

Password Management:

Name

Description

FAILED_LOGIN_ATTEMPTS

The number of failed attempts to log in to the user account before the account is locked

PASSWORD_GRACE_TIME

The number of days after the grace period begins during which a warning is issued and login is allowed. If the password is not changed during the grace period, the password expires

PASSWORD_LIFE_TIME

The number of days the same password can be used for authentication

PASSWORD_LOCK_TIME

The number of days an account will be locked after the specified number of consecutive failed login attempts defined by FAILED_LOGIN_ATTEMPTS

PASSWORD_REUSE_MAX

The number of times a password can be reused

PASSWORD_REUSE_TIME

The number of days between reuses of a password

 

Password Verification:

Name

Description

PASSWORD_VERIFY_FUNCTION

Verify passwords for length, content, and complexity

 

Sample script for creating a password verifies function:

{ORACLE_HOME}/rdbms/admin/utlpwdmg.sql

 

 Resource Management:

Name

Description

COMPOSITE_LIMIT

Maximum weighted sum of: CPU_PER_SESSION, CONNECT_TIME,
LOGICAL_READS_PER_SESSION, and PRIVATE_SGA. If this limit is exceeded, Oracle aborts the session and returns an error.

CONNECT_TIME

Allowable connect time per session in minutes

CPU_PER_CALL

Maximum CPU time per call (100ths of a second)

CPU_PER_SESSION

Maximum CPU time per session (100ths of a second)

IDLE_TIME

Allowed idle time before user is disconnected (minutes)

LOGICAL_READS_PER_CALL

Maximum number of database blocks read per call

LOGICAL_READS_PER_SESSION

Maximum number of database blocks read per session

PRIVATE_SGA

Maximum integer bytes of private space in the SGA (For Shared Server Only)

SESSIONS_PER_USER

Number of concurrent multiple sessions allowed per user

 

  Profile Creation:

CREATE PROFILE n_user LIMIT

FAILED_LOGIN_ATTEMPTS 3

PASSWORD_LOCK_TIME UNLIMITED

PASSWORD_LIFE_TIME 20

PASSWORD_REUSE_TIME 50

PASSWORD_VERIFY_FUNCTION verify_function

PASSWORD_GRACE_TIME 5;

 

Alter Profile:

ALTER PROFILE n_user LIMIT

PASSWORD_LOCK_TIME 1/24

SESSIONS_PER_USER 2

IDLE_TIME 60;

 

Assign Profile During User Creation:

CREATE USER topu IDENTIFIED BY topu#1

PROFILE n_user;

 

Assigning Profile after a user creation:

SQL> CREATE USER manik IDENTIFIED BY manik#1;

SQL> ALTER USER MANIK

           PROFILE n_user;

 

Drop Profile:

DROP PROFILE n_user;

 

Drop Profile with Users:

DROP PROFILE n_user CASCADE;

 

View the created Profile:

SELECT DISTINCT PROFILE

FROM dba_profiles;

 

View Information of an User Accounts:

SELECT username, expiry_date, account_status

FROM dba_users

WHERE username='TOPU';

Comments