RE: password complexity -- implementing security changes
- From: "Baumgartel, Paul" <paul.baumgartel@xxxxxxxxxxxxxxxxx>
- To: oracle-l@xxxxxxxxxxxxx
- Date: Fri, 3 Mar 2006 14:57:43 -0000
Raj--
Call me slow, but I'm not following. User password expires, user calls help
desk, user gets "temporary" password--what then? Does user keep that password
for 60 days or change it using the stored procedure? What about this setup
reduces calls to help desk?
Paul Baumgartel
paul.baumgartel@xxxxxxxxxxxxxxxxx
212.538.1143
-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx]On Behalf Of rjamya
Sent: Friday, March 03, 2006 9:46 AM
To: wbfergus@xxxxxxxx
Cc: oracle-l@xxxxxxxxxxxxx
Subject: Re: password complexity -- implementing security changes
Our corporate security requirements state that passwords must be
changed every 60 days for user accounts. So, we wrote a stored
procedure that changes user password given a userid. Then wrote a
small perl script that can be called by guys in Data Center.
when a user calls, they verify it is the right user, call a perl
program that changes the password to a temp one and give it to the
user on the phone, never in the email.
Also our application tracks this and starts reminding suer 7 days
before the password expiration.
Works fine, the data center doesn't get too many phone calls, everyone is happy.
Raj
----------------------------------------------
Got RAC?
--
//www.freelists.org/webpage/oracle-l
==============================================================================
Please access the attached hyperlink for an important electronic communications
disclaimer:
http://www.credit-suisse.com/legal/en/disclaimer_email_ib.html
==============================================================================
--
//www.freelists.org/webpage/oracle-l
Other related posts:
