Managing password security and resources
2013-01-15 00:03
239 查看
A profile is a named set(集合) of password and resource limits.
what is a profile ?
Password aging and expirationPassword history
Password complexity verification
Account locking
CPU time
I/O operations
Idle time
Connect time
Memory space( private SQL area for MTS only)
Concurrent sessions
After a profile has been created, the database administrator can assign it to each user. if resource limits are enabled, the oracle server limits the database usage and resources to the defined profile of the user.
profiles are assigned to users by the CREATE USER or ALTER USER command.
Profiles can be enabled or disabled
Profiles can relate to the DEFAULT profile.
After a profile has been created, the database administrator can assign it to each user.
The Oracle server automatically creates a DEFAULT profile when the database is created. All limits of the DEFAULT profile are initially unlimited. However, the database administrator can change the values so that limits are applied to all users by default.
Profile Usage
Restrict users from performing some operations that require heavy use of resourcesEnsure that users log off the database when they have left their session idle for some time
Enable group resource limits for similar users
Easily assign resource limits to users
Manage resource usage in large, complex multiuser database systems
Control the use of passwords
Profile Characteristics
Profile assignments do not affect current sessions.Profile can be assigned only to users and not to roles or other profiles.
If you do not assign a profile when creating a user, the user is automatically assigned the DEFAULT profile.
Set up password management by using profiles and assigning them to the users.
password management: Account locking, Password aging and expiration, password history, password complexity verification.
缺省的 oracle 的 password要求
parameter:
FAILED_LOGIN_ATTEMPS : 3 尝试输入密码次数PASSWORD_LOCK_TIME : 尝试登陆密码错误后被锁住天数
PASSWORD_LIFE_TIME : 密码有效天数, 超过这个天数, 密码将过期
PASSWORD_GRACE_TIME : 更换密码的周期
Create a profile : Password Seetings
CREATE PROFILE grace_5 LIMIT FAILED_LOGIN_ATTEMPTS 3 PASSWORD_LOCK_TIME UNLIMITTED PASSWORD_LIFE_TIME 30 PASSWORD_REUSE_TIME 30 PASSWORD_VERIFY_FUNCTION verify_function PASSWORD_GRACE_TIME 5;
Alter a Prifile
ALTER PROFILE default(这可以换成profile name) -- 修改默认的 profileFAILED_LOGIN_ATTEMPTS 3
PASSWORD_LIFE_TIME 60
PASSWORD_GRACE_TIME 10;
这里的 cascade 是收回那些已经分配给某个用户的设置.
1. Create a profile with the CREATE PROFILE command to determine the resource and password limits.
2. Assign profiles with the CREATE USER OR ALTER USER command.
3. Enforce resource limits with the ALTER SYSTEM command or by editing the initialization parameter file
ALTER SYSTEM SET RESOURCE_LIMIT = TRUE;
session level
CPU_PER_SESSION : total cpu time measured in hundredths of secondsSESSIONS_PER_USER : number of concurrent sessions allowed for each username
CONNECT_TIME : elapsed connect time measured in minutes
IDLE_TIME : periods of inactive time measured in minutes
LOGICAL_READS_PER_SESSION : number of data blocks(physical and logical reads)
PRIVATE_SGA : private space in the SGA measured in bytes( for shared server only)
call level
call 级别是用户的 SQL 语句CPU_PER_CALL : cpu time per call in hundredths of seconds
LOGICAL_READS_PER_CALL : Number of data blocks that can be read per call
create a profile Resource Limit
Obtaining Password and Resource Limits Information
DBA_USERS
DBA_PROFILES
相关文章推荐
- 13 - Managing Password Security and Resources
- Managing Password Security & Resources
- Managing Catastrophic Loss of Sensitive Data: A Guide for IT and Security Professionals
- Configuring and Managing Cluster Resources
- Python 3.6 adds New secrets Module for Robust Account and Password Security
- ASP.NET 2.0 Membership, Roles, Forms Authentication, and Security Resources
- Techno Security's Guide to Managing Risks for IT Managers, Auditors and Investigators
- Configuring and Managing Cluster Resources
- Managing Projects in Human Resources: Training and Developement
- The Information Systems Security Officer's Guide: Establishing and Managing an Information Protectio
- Configuring and Managing Cluster Resources (Command Line)
- Chapter 7. Configuring and Managing Cluster Resources (Command Line)
- liferay Portal CE6.2 新开发portlet如何设置权限(Security and Permission resources )
- [置顶] Android Studio编译时Error: app:transformClassesAndResourcesWithProguardFor 的解决
- Codeforces Round #394 (Div. 2) C.Dasha and Password(暴力)
- API Security: Deep Dive into OAuth and OpenID Connect
- Erik's Open Tools API FAQ and Resources
- TI DM3730 BB-xM, Overo and IGEP hardware / software usage and root fs build resources
- Remove Avast, Avira, Norton AntiVirus, and/ or ESET Smart Security Enhanced Protection Mode
- Security Basics and ASP.NET Support(翻译)