RE: password complexity -- implementing security changes

  • From: "Potluri, Venu (GTI)" <venu_potluri@xxxxxx>
  • To: <rjamya@xxxxxxxxx>, <wbfergus@xxxxxxxx>
  • Date: Fri, 3 Mar 2006 09:59:41 -0500

You can use the verify_function and create password complexity. In our
environments, we require users to reset passwords every 90 days. The
password needs to have a capital letter, a number, etc. I have created a
utility which will change password and send email to the person that
owns the account automatically. It is simple enough for helpdesk to use
to accomplish password reset or unlock. The user also gets prompts to
change password themselves starting 14 days prior to expiration. All of
this can be accomplished with the verify_function and assigning a custom
profile to the database accounts. Of course, the helpdesk need not get
involved at all if the users can be coddled to change password 14 days
prior to expiration.


-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of rjamya
Sent: Friday, March 03, 2006 9:46 AM
To: wbfergus@xxxxxxxx
Cc: oracle-l@xxxxxxxxxxxxx
Subject: Re: password complexity -- implementing security changes

Our corporate security requirements state that passwords must be
changed every 60 days for user accounts. So, we wrote a stored
procedure that changes user password given a userid. Then wrote a
small perl script that can be called by guys in Data Center.

when a user calls, they verify it is the right user, call a perl
program that changes the password to a temp one and give it to the
user on the phone, never in the email.

Also our application tracks this and starts reminding suer 7 days
before the password expiration.

Works fine, the data center doesn't get too many phone calls, everyone
is happy.

Raj
----------------------------------------------
Got RAC?
--
//www.freelists.org/webpage/oracle-l
--------------------------------------------------------

If you are not an intended recipient of this e-mail, please notify the sender, 
delete it and do not read, act upon, print, disclose, copy, retain or 
redistribute it. Click here for important additional terms relating to this 
e-mail.     http://www.ml.com/email_terms/
--------------------------------------------------------
--
//www.freelists.org/webpage/oracle-l

Other related posts:

  1. Home
  2. oracle-l
  3. Archive
  4. 03-2006