Implementing password security in Oracle 10g
Learning objective
After completing this topic, you should be able to implement password security by configuring user profiles.
Exercise overview
In this exercise, you're required to implement password security by configuring user profiles.
This involves the following tasks:
- viewing password restrictions
- editing a user profile
- creating a user profile
- assigning a user to a profile
You suspect that unauthorized users may be trying to guess the passwords of privileged users in an attempt to gain access to sensitive data. You need to configure your database to protect against attempts to guess passwords.
Task 1: Viewing password restrictions
You first want to check the existing profiles in the database to see how secure they are.
View the password restrictions enforced by the default profile.
| Instructions |
|---|
| 1. Click Administration |
| 2. Click Profiles |
| 3. Ensure that DEFAULT is selected and click View |
Task 2: Editing a user profile
Edit the default profile so that users who fail to log in correctly three times in a row will have their accounts locked for 15 minutes.
| Instructions |
|---|
| 1. Click Edit |
| 2. Click Password |
| 3. Enter 3 in the Number of failed login attempts to lock after field |
4. Enter 15/1440 in the Number of days to lock for field |
| 5. Click Apply |
Task 3: Creating a user profile
Create a new profile with unlimited password expiration called HREXEMPTPROFILE.
| Instructions |
|---|
| 1. Click Create |
2. Enter HREXEMPTPROFILE in the Name field |
| 3. Click the Password tab |
4. Enter UNLIMITED in the Expire in (days) field |
| 5. Click OK |
Task 4: Assigning a user to a profile
Now assign the HREXEMPTPROFILE profile to the user Andrew Chung.
| Instructions |
|---|
| 1. Click Users |
| 2. Select ANDREW CHUNG and click Edit |
| 3. Click the down-pointing arrow in the Profile drop-down list and select HREXEMPTPROFILE |
| 4. Click Apply |
No comments:
Post a Comment