RE: passwords (a bit of a rant)
From: Freeman, Donald CONT (ABL) <"Freeman,>
Date: Tue, 13 Aug 2013 16:49:00 -0400
Message-ID: <D623983FC52A9346AC003016DE490B4F018223DF_at_V53-EX02.nets.nemais.navy.mil>
Oracle's implementation of passwords is very problematic. Oracle has a lot of technology of various generations and origins that have incompatible password implementations. That means the password rules for common users have to be set for the most primitive component of the system. I would also say that the level of resistance to hardening systems is high and the level of compliance is low. It is difficult to operate systems securely without having outages solely caused by password issues.
Date: Tue, 13 Aug 2013 16:49:00 -0400
Message-ID: <D623983FC52A9346AC003016DE490B4F018223DF_at_V53-EX02.nets.nemais.navy.mil>
Oracle's implementation of passwords is very problematic. Oracle has a lot of technology of various generations and origins that have incompatible password implementations. That means the password rules for common users have to be set for the most primitive component of the system. I would also say that the level of resistance to hardening systems is high and the level of compliance is low. It is difficult to operate systems securely without having outages solely caused by password issues.
If it was easy, everybody would change all the passwords when a privileged employee departed. How often does that happen? I would go on a rant also but it's the end of the day ....
-- http://www.freelists.org/webpage/oracle-lReceived on Tue Aug 13 2013 - 22:49:00 CEST