Are you preparing for IT certification? With practice questions, study notes, interactive quizzes, tips and technical articles, uCertify PrepKits ensure that you get a solid grasp of core technical concepts to
ace your certification exam in first attempt.
Oracle's password management policy is used to maintain the secrecy of passwords in order to maintain the integrity of database security systems that are dependent on passwords. Oracle uses profiles to implement the password management policy. Oracle provides certain parameters to manage passwords, which can be listed in a profile. Assigning the profile to users confines them to certain limits set by the parameters in the profile. The password management policy includes the following password management features:
Account Locking: When a user exceeds a specified number of successive failed login attempts, Oracle automatically locks the user's account for a specified number of days. The FAILED_LOGIN_ATTEMPTS parameter specifies the number of failed login attempts after which a user account is locked. The PASSWORD_LOCK_TIME parameter specifies the number of days for which the user account remains locked. If the PASSWORD_LOCK_TIME is specified as UNLIMITED, the user account must be explicitly unlocked using the ALTER USER statement.
Password Aging and Expiration: Oracle's password aging and expiration feature ensures that the password of a user account expires after a specified number of days. The user or the Database Administrator must change the password once it has expired. The PASSWORD_LIFE_TIME parameter is used to specify the number of days after which a user account's password expires.
A grace period can also be specified for the password expiration. A grace period is the number of days for which a user can use his account, even after his account's password has expired. During the grace period, a warning message appears each time the user logs in to the database. If he does not change the password within the grace period, the password expires. Thereafter, he is prompted to change the password when he attempts to log in to the database. He cannot log in until he changes the password. The PASSWORD_GRACE_TIME parameter is used to specify the grace period.
Password History: Oracle's password history feature ensures that a user cannot reuse a password during a specified time interval. It also ensures that a user is required to change a password for a specified number of times before he can reuse the password. The PASSWORD_REUSE_TIME parameter is used to specify the time interval during which a password cannot be reused. The PASSWORD_REUSE_MAX parameter is used to specify the number of password changes required before a password can be reused. Only one of these two parameters can be specified at a time, i.e., if one of these two parameters is set to an integer value, the other must be set to UNLIMITED.
Password Complexity Verification: Oracle's password complexity verification feature ensures that a password is too complex to be guessed easily. The complexity of a password can be verified before a user can set the password for his account. The PASSWORD_VERIFY_FUNCTION parameter specifies a PL/SQL script that is used to verify the complexity of a password. Oracle provides a default PL/SQL script for this purpose. However, users can also create their own scripts. For example, a script can be created to verify that a password has a minimum length of four characters, the password is not the same as the account's name, the password has at least one alphabetical, one numeric, and one punctuation mark character, the password is not a simple or obvious word, and the password differs from the previous password by at least three characters.
