Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Mailing Lists -> Oracle-L -> RE: password complexity -- implementing security changes
Raj--
Call me slow, but I'm not following. User password expires, user calls help desk, user gets "temporary" password--what then? Does user keep that password for 60 days or change it using the stored procedure? What about this setup reduces calls to help desk?
Paul Baumgartel
paul.baumgartel_at_credit-suisse.com
212.538.1143
-----Original Message-----
From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org]On Behalf Of rjamya
Sent: Friday, March 03, 2006 9:46 AM
To: wbfergus_at_usgs.gov
Cc: oracle-l_at_freelists.org
Subject: Re: password complexity -- implementing security changes
Our corporate security requirements state that passwords must be changed every 60 days for user accounts. So, we wrote a stored procedure that changes user password given a userid. Then wrote a small perl script that can be called by guys in Data Center.
when a user calls, they verify it is the right user, call a perl program that changes the password to a temp one and give it to the user on the phone, never in the email.
Also our application tracks this and starts reminding suer 7 days before the password expiration.
Works fine, the data center doesn't get too many phone calls, everyone is happy.
Raj
http://www.credit-suisse.com/legal/en/disclaimer_email_ib.html
--
http://www.freelists.org/webpage/oracle-l
Received on Fri Mar 03 2006 - 08:57:43 CST