Oracle Database reinforcement-Password Policy

We all know that password policy reinforcement parameters generally include password length, complexity detection, maximum and minimum usage time, expiration alarm time, maximum number of Logon failures, and lock time.
By default, Oracle provides a password policy SQL Execution file utlpwdmg. SQL. The default path for linux/unix is $ ORACLE_HOME/rdbms/admin/utlpwdmg. SQL. Windows path location can be obtained by searching.
First, let's take a look at how the password policy is set after Oracle is installed by default.
Figure 1

Figure 2
 


The configuration file shows that the password length in the current password policy is set to no less than four digits, and the password survival time is set to 180 days, and the password warning time is 7 days, the number of Logon failures is displayed as 10 and the lock time is 1 minute.
Next, let's test whether the policy setting script takes effect.
Figure 3


The scott npassword tiger is successfully modified to 123, indicating that the utlpwdmg. SQL script file is not executed.
Next we will re-Modify the utlpwdmg. SQL configuration and then execute it.
Figure 4

Figure 5


Run the script:
Figure 6




Then, check whether the password length and complexity detection function are enabled.
Figure 7


The figure shows that the new password fails to be set to 123, and the password must be more than 8 characters long.
Figure 8


The figure shows that the new password fails to be set to 12345678. The password must contain at least one number and one letter, indicating that the password complexity check is enabled.
Figure 9


The figure shows that the default failed_login_attempts value of utlpwdmg. SQL is changed from 10 to 5.
To sum up, the utlpwdmg. SQL script file takes effect, and some password policies take effect.
(For the purpose of testing, the password policy parameters in the profile in the experiment have only been partially modified. In actual reinforcement, many password policies need to be rectified and reinforced .)
In fact, you can directly set the profile by using the following command:
ALTER PROFILE DEFAULT LIMIT
PASSWORD_LIFE_TIME 180
PASSWORD_GRACE_TIME 7
PASSWORD_REUSE_TIME 100
Password_reuse_max200
FAILED_LOGIN_ATTEMPTS 5
Pass word_lock_time 1/1440
PASSWORD_VERIFY_FUNCTION verify_function_11G;
Supplement:
<! -- [If! SupportLists] --> 1. <! -- [Endif] --> verify_function_11G is a function in the utlpwdmg. SQL file to check the complexity of user passwords.
<! -- [If! SupportLists] --> 2. <! -- [Endif] --> PASSWORD_LOCK_TIME 1/1440, in which the Unit is day. Here/1440 is divided by 1440 (24*60). Here, the lock time is 1 minute.