13 - Managing Password Security and Resources

 1,Objectives

 .Manage passwords using profiles

 .Administer profile

 .Control use of resources using profiles

 .Obtain information about profiles,passdord managemnet and resources

2,Profiles

  .A profile is a named set of password and resource limits

  .Profiles are assigned to users by the CREATE USER OR ALTER USER command

  .Can be enabled or disabled.

  .Can relate to default profile

3,Password Management

 .Password history ,Account locking, Password expiration and aging,Password verification

4,Enabling Password Management

 .Set up password management by using profile and assign them to users

 .Lock,unlock,and expire accounts using the CREATE USER OR ALTER USER command

 .Password limits are always enforced.

 SQL>1  create profile profile1 limit

   2  password_lock_time 1/1440

   3  failed_login_attempts 3

 SQL>  1  alter profile profile1 limit

    2  password_life_time 2

    3* password_grace_time 3

   Profile altered.

 SQL>1  alter profile profile1 limit

    2  password_reuse_time 10

    3* password_reuse_max 3

   Profile altered.

5,User-Provided Password Function

 Function must be created int the sys schema and must have the following specification:

 function_name(

  userid_parameter IN VARCHAR2(30),

  password_parameter IN VARCHAR2(30),

  old_password_parameter IN VARCHAR2(30),

 ) 

 Return BOOLEAN

6,Password Verification Function VERIFY_FUNCTION

 .Minimum length is four characters

 .Password should not be equal to username

 .Password should hava at least one alphabetic,one number,and one special character

 .passeord should diff from the previous password by at least three letters.

 SQL> start D:\oracle\product\10.1.0\Db_2\RDBMS\ADMIN\utlpwdmg.sql

  Function created.

  Profile altered.

 SQL> alter user stock

    2  profile default;

  User altered.

 SQL>1  alter profile profile1 limit

  2* password_verify_function verify_function

 Profile altered.

7,Dropping a profile:Password Setting

 Drop Profile develop_pro;

 Drop Profile  develop_pro CASCADE;

8,Resource Management

 .Resource management limits can be enforced at the

  session level,the call level ,or both

 SQL>alter system set resource_limit=true;

9,Setting Resource Limits at Session Level

 .CPU_PRE_SESSION:1/100s

 .SESSIONS_PER_USER:1/100s

 .CONNECT_TIME:1 minutes

 .IDLE_TIME :Periods of inactive time measured in minutes

 .LOGICAL_READS_PER_SESSION:Number of data blocks

 .PRIVATE_SGA:Private space in the SGA measured in bytes(for Shared server only)

 SQL>SQL> run

  1  alter profile profile1 limit

  2  cpu_per_session 1000

  3  connect_time 60

  4* idle_time 5

 Profile altered.

10,Setting Resource Limits at call Level

 .CPU_PER_CALL

 .LOGICAL_READS_PER_CALL

11,Managing Resources Using the Database Resource Manager

 .DBMS_RESOURCE_MANAGER package is used to create and maintain elements

12,Obtain Password and Resources limits Information

 .DBA_USERS

 .DBA_PROFILES