For years, many operating systems have supported the ability to define password composition, complexity, aging, expiration, history, and account locking. With past releases, Oracle has lagged behind. But with the advent of Oracle8, these features have now become available in an Oracle database. All the password functions mentioned here are defined using the CREATE PROFILE statement, as shown in the previous section. To enable password management in your Oracle system, the UTLPWDMG.SQL script must be run as sys from the sysmgr account. This script can be found in:

  • The $ORACLE_HOME/rdbms/admin directory on a UNIX system

  • The $ORACLE_HOME/rdbms/admin directory on a Windows NT system

  • The $ORACLE_HOME:[rdbms] directory on an OpenVMS system

First, let’s examine what each of these features lets the DBA accomplish.

Password Composition and Complexity

Oracle’s password composition and complexity features enable the DBA to describe how a password must look (its physical composition). Oracle’s new complexity verification mechanism checks each password to ensure that it is complex enough to provide reasonable protection from someone who might be trying to guess a password to break into the database. Since the complexity verification is provided by Oracle through a PL/SQL function, you can add even more complexity to the default mechanism by writing your own function. The function must be owned by sys in order to perform properly.

Basic rules

The basic rules enforced by the default PL/SQL ...

Get Oracle Security now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.