
Define Your Own Security Policy using Oracle Profiles - Define Password Reuse, grace time, lifetime and other policies

Updated on March 18, 2012

What is Security Policy?

You may have seen Oracle automatically ask you to change your password once a month. When you then supply a new password, Oracle may also stop you from reusing old passwords. These behaviours are all part of a security policy.

I would define a security policy as a "set of rules to strengthen system security across various groups of users".

A Real Example:

Take a look at the requirement below, a set of rules that defines the security policy in our system.

a) Security Policy for Offshore

  • Users should change their password once a month, with 5 days grace time.
  • The last three passwords should not be used.
  • A password should not be reused within a 1-month time span.
  • A session should expire after 20 idle minutes.
  • Do not allow more than 3 successive failed login attempts.
  • Unlock an account 2 hours after the lock.

b) Security Policy for Onshore

  • Users should change their password once in two months, with 10 days grace time.
  • The last five passwords should not be used.
  • A password should not be reused within a 2-month time span.
  • A session should expire after 20 idle minutes.
  • Do not allow more than 3 successive failed login attempts.
  • Unlock an account 2 hours after the lock.


The Real life implementation

I hope the above sounds interesting. But how do we implement it? Profiles are one of the greatest features provided with Oracle, and they allow us to define security policies. It does not matter if you have not heard of them before. Just go through the steps and code below to create policy (a).

CREATE PROFILE offshore_users LIMIT
PASSWORD_LIFE_TIME 30 -- Users should change their password once
                      -- a month.
PASSWORD_GRACE_TIME 5 -- Password grace time (days)
PASSWORD_REUSE_MAX 3 -- Last three passwords should not be used.
PASSWORD_REUSE_TIME 30 -- A password should not be reused within
                       -- a 1-month time span.
IDLE_TIME 20 -- Session should expire after 20 idle mins.
FAILED_LOGIN_ATTEMPTS 3 -- Do not allow more than 3 successive
                        -- failed login attempts.
PASSWORD_LOCK_TIME 2/24; -- Unlock an account 2 hours after the lock.

See the comment at the end of each line (introduced by '--'); each line defines one rule of the policy.

OK, how can I check this? Do the following.

a) Create a user and assign the profile offshore_users.

 
create user peter identified by john123#
profile offshore_users;

b) To test the security policy, try changing the password.

 
alter user peter identified by john1234#;
alter user peter identified by john123#;

Below is the output of the first alter user statement. As this password has not been used earlier, it is accepted.

alter user peter succeeded.
 

As the password in the second alter user statement was used when user peter was created, it is not accepted. You will encounter the error below.

Error starting at line 5 in command:
alter user peter
identified by john123#
profile offshore_users
Error report:
SQL Error: ORA-28007: the password cannot be reused
28007. 00000 - "the password cannot be reused"
*Cause: The password cannot be reused for the specified number of
days or for the specified number of password changes
*Action: Try the password that you have not used for the specified
number of days or the specified number of password changes
Refer to the password parameters in the CREATE PROFILE statement

Refer to the pictures in the slide show to see how the above example works.

Hope you understood well. With this, I leave policy (b) for you and would appreciate it if you post the results here.
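One way to write policy (b), followed by data dictionary checks that the limits of both profiles are stored and actually enforced. This is an added example, not part of the original article; the profile name onshore_users is an assumption, and the queries need access to the DBA_ views and V$PARAMETER.

```sql
-- Added example, not from the original article. Run as a DBA.
-- The profile name onshore_users is an assumption.

-- 1. Policy (b): same parameters as offshore_users, onshore values.
CREATE PROFILE onshore_users LIMIT
  PASSWORD_LIFE_TIME    60    -- change password once in two months
  PASSWORD_GRACE_TIME   10    -- 10 days grace time
  PASSWORD_REUSE_MAX    5     -- 5 password changes before reuse ...
  PASSWORD_REUSE_TIME   60    -- ... and 2 months; both must be met
  IDLE_TIME             20    -- minutes of continuous idle time
  FAILED_LOGIN_ATTEMPTS 3     -- lock after 3 successive failures
  PASSWORD_LOCK_TIME    2/24; -- in days: unlock 2 hours after the lock

-- 2. Read back what the data dictionary stored for both profiles.
--    Parameters not set in CREATE PROFILE show LIMIT = 'DEFAULT' and
--    are inherited from the DEFAULT profile, so list those as well.
SELECT profile, resource_type, resource_name, limit
  FROM dba_profiles
 WHERE profile IN ('OFFSHORE_USERS', 'ONSHORE_USERS', 'DEFAULT')
 ORDER BY profile, resource_type, resource_name;

-- 3. IDLE_TIME is a KERNEL resource limit, enforced only while the
--    RESOURCE_LIMIT initialization parameter is TRUE. PASSWORD limits
--    are enforced regardless of this setting.
SELECT name, value FROM v$parameter WHERE name = 'resource_limit';
-- If it reports FALSE:
-- ALTER SYSTEM SET resource_limit = TRUE;

-- 4. Show which accounts each policy covers and their state:
--    LOCKED(TIMED) after failed logins, EXPIRED(GRACE) in grace time.
SELECT username, profile, account_status, lock_date, expiry_date
  FROM dba_users
 WHERE profile IN ('OFFSHORE_USERS', 'ONSHORE_USERS')
 ORDER BY profile, username;

-- 5. Open accounts still on the DEFAULT profile are outside both policies.
SELECT username, account_status
  FROM dba_users
 WHERE profile = 'DEFAULT' AND account_status = 'OPEN'
 ORDER BY username;
```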
