Password Protection in Oracle 11g
Should your Oracle database password policy be restricted?
This article shows how you can use Oracle-provided built-in password protections to make a strong and secure
1. Enforced case sensitivity for passwords: In Oracle 11g, you can enable or disable password case sensitivity. To control the use of case sensitivity in passwords, set the SEC_CASE_SENSITIVE_LOGON initialization parameter. Only users who have the ALTER SYSTEM privilege can set the SEC_CASE_SENSITIVE_LOGON parameter. Set it to TRUE to enable case sensitivity or FALSE to disable case sensitivity.
The statement below enables case sensitivity.
ALTER SYSTEM SET SEC_CASE_SENSITIVE_LOGON = TRUE;
2. Password complexity checking: Keeping passwords complex enough provides reasonable protection against intruders who try to break into the system by guessing passwords. Never use a dictionary-based password. In Oracle 11g, you can force users to create strong, secure passwords for database user accounts.
Oracle provides a sample password verification function in the PL/SQL script called UTLPWDMG.SQL (located in $ORACLE_BASE/ORACLE_HOME/RDBMS/ADMIN).
The UTLPWDMG.SQL script checks for the following requirements when users create or modify passwords:
* The password contains at least eight characters and does not exceed 30 characters.
* The password is not the same as the user name.
* The password is not the same as the server name.
* The password is not based on common dictionary words, for example, welcome1, database1, account1, user1234, password1, oracle, oracle123, computer1, abcdefg1, or change_on_install.
* The password includes at least 1 numeric and 1 alphabetic character.
* The password differs from the previous password by at least 3 letters.
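The checks listed above can be written as a custom password verify function and attached to a profile. The following is an added example, not Oracle's UTLPWDMG.SQL code: the function name demo_verify_function is hypothetical, "server name" is assumed to mean the database name, and the deny list is constructed from the examples in this article.

```sql
-- Added example (hypothetical name demo_verify_function). Run as SYS:
-- a password verify function must be owned by SYS.
CREATE OR REPLACE FUNCTION demo_verify_function (
  username     VARCHAR2,
  password     VARCHAR2,
  old_password VARCHAR2
) RETURN BOOLEAN IS
  differ PLS_INTEGER;
BEGIN
  -- At least 8 and at most 30 characters
  IF LENGTH(password) < 8 OR LENGTH(password) > 30 THEN
    raise_application_error(-20001, 'Password must be 8 to 30 characters long');
  END IF;
  -- Not the same as the user name (compared case-insensitively)
  IF NLS_LOWER(password) = NLS_LOWER(username) THEN
    raise_application_error(-20002, 'Password same as the user name');
  END IF;
  -- Not the same as the server name (assumption: the database name)
  IF NLS_LOWER(password) = NLS_LOWER(SYS_CONTEXT('USERENV', 'DB_NAME')) THEN
    raise_application_error(-20003, 'Password same as the server name');
  END IF;
  -- Deny list constructed from the examples in the article
  IF NLS_LOWER(password) IN (
       'welcome1', 'database1', 'account1', 'user1234', 'password1',
       'oracle', 'oracle123', 'computer1', 'abcdefg1', 'change_on_install') THEN
    raise_application_error(-20004, 'Password is too simple');
  END IF;
  -- At least one numeric and one alphabetic character
  IF NOT REGEXP_LIKE(password, '[0-9]') OR NOT REGEXP_LIKE(password, '[[:alpha:]]') THEN
    raise_application_error(-20005, 'Password needs at least one digit and one letter');
  END IF;
  -- Differs from the previous password in at least 3 positions;
  -- a difference in length counts toward the total
  IF old_password IS NOT NULL THEN
    differ := ABS(LENGTH(old_password) - LENGTH(password));
    FOR i IN 1 .. LEAST(LENGTH(password), LENGTH(old_password)) LOOP
      IF SUBSTR(password, i, 1) != SUBSTR(old_password, i, 1) THEN
        differ := differ + 1;
      END IF;
    END LOOP;
    IF differ < 3 THEN
      raise_application_error(-20006, 'Password must differ from the old one by 3 characters');
    END IF;
  END IF;
  RETURN TRUE;
END;
/
-- Enforce the function for every account that uses the DEFAULT profile
ALTER PROFILE DEFAULT LIMIT PASSWORD_VERIFY_FUNCTION demo_verify_function;
```

Once the profile is altered, any CREATE USER or ALTER USER ... IDENTIFIED BY statement for an account on that profile fails with the matching ORA-20001 to ORA-20006 error when a check is not met.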