Oracle Login Profile Default Settings

    Sep 21, 2017 2:34:57 PM by Dan Hotka

    Hi,

    I just wrote a short blog on changing the expiring password behavior of Oracle12.  I think most of these settings are valid for Oracle11 as well.

    The short blog was on resetting PASSWORD_LIFE_TIME (defaults to 180 days) and FAILED_LOGIN_ATTEMPTS, which defaults to 10.

    Review the list below. 

     

    In a production environment, I might limit CONNECT_TIME but maybe more important is IDLE_TIME.  I believe both of these settings are in minutes. 

    You can also use this profile environment to play governor for your users as well…limiting LOGICAL_READS, SESSIONS, and CPU utilization if so desired.

    Other security features to implement here, especially in a production environment, would be PASSWORD_REUSE_MAX.  This setting allows users to use the same password over and over.  Setting this to 0 would force them to change the password each time.  I would probably set it to 1 or 2…so they could reuse their existing password a couple of times perhaps.  I would also use this setting in conjunction with PASSWORD_LIFE_TIME that would force users to change their password with some degree of frequency.  If you desire users to change passwords every month, then alter this setting to 30.

    PASSWORD_LOCK_TIME and PASSWORD_GRACE_TIME can really tighten down security but can make more work for the help desk and/or DBA staff (depends on who fixes failed passwords). 

    If you work for a larger company, perhaps there is a security team that can give advice as to company-wide guidelines as to how to best set password expiring, password required change, and the frequency that users need a different password.

    Use the syntax: ALTER PROFILE DEFAULT LIMIT <resource name> <setting>;

    You can stack changes up on one line as well.  You need to be logged in as SYS or SYSTEM.

    You maybe be able to  use this syntax in the future to provide the same list as above.  Subtle changes might occur over future releases.  Oracle Corp can add/change/delete some of these as well.

    select * from dba_profiles where profile = 'DEFAULT';

    I hope you find these tips useful in your day to day use of the Oracle RDBMS.

     

    Dan Hotka

    Author/Instructor/Oracle Expert

    www.DanHotka.com

    Dan@DanHotka.com

     

    Tags: Oracle

    Dan Hotka

    Written by Dan Hotka

    Dan Hotka is an Author/Instructor/Expert/Oracle ACE Director Alumni who uses TOAD regularly in his web-based and on-line courses. He is well published with many books still available on Amazon or www.DanHotka.com. Dan is available for user groups and company educational events. He regularly speaks at user groups around the world. Check his website for course listings, references, and discount codes for his online courses based in Safari. Dan's most recent book is Toad for Oracle Unleashed