Oracle application provides Password Policy Security Solution:
There are few PROFILE which control the password security for oracle application
This profile option you can set under "system administrator" responsibility at SITE / RESPON / USER Level.
Signon Password Failure Limit
The Signon Password Failure Limit profile option determines the maximum number of
log in attempts before the user's account is disabled.
Users cannot see or update this profile option.
The internal name for this profile option is SIGNON_PASSWORD_FAILURE_LIMIT.
Signon Password Hard to Guess
The Signon Password Hard to Guess profile option sets rules for choosing passwords
to ensure that they will be "hard to guess." A password is considered hard-to-guess
if it follows these rules:
- The password contains at least one letter and at least one number.
- The password does not contain the user name.
- The password does not contain repeating characters.
Users can see but not update this profile option.
The internal name for this profile option is SIGNON_PASSWORD_HARD_TO_GUESS.
Signon Password Length
Signon Password Length sets the minimum length of an Applications signon password.
If no value is entered the minimum length defaults to 5.
Users can see but not update this profile option.
The internal name for this profile option is SIGNON_PASSWORD_LENGTH.
Signon Password No Reuse
This profile option specifies the number of days that a user must wait before being
allowed to reuse a password.
Users can see but not update this profile option.
The internal name for this profile option is SIGNON_PASSWORD_NO_REUSE.
Signon Password Case
There are two settings: 'Sensitive' and 'Insensitive'.
The default is 'Insensitive'.
Setting this profile option to 'Sensitive' will make the password case sensitive.
'Mixed' is no longer supported.
Find more in Oracle System administrator guide - Security
http://download.oracle.com/docs/cd/B34956_01/current/html/docset.html
No comments:
Post a Comment