Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: User passwords

RE: User passwords

From: DENNIS WILLIAMS <DWILLIAMS_at_LIFETOUCH.COM>
Date: Mon, 22 Mar 2004 14:31:12 -0600
Message-ID: <0186754BC82DD511B5C600B0D0AAC4D607B00293@EXCHMN3>


Denise

   Well, just when you think you've heard it all! After all the talk about password security and ensuring passwords are changed regularly. I couldn't follow your description completely, so I'll ask what I consider an obvious question:

   Why not have the schema/username with the data only used for that purpose, or maybe the application itself if you must. This password can be kept very private and changed without notifying anyone (unless the application must use the account, in that case you must coordinate a password change with the application administrator).

   Break the other users down as finely as possible. Create a username for every type of usage (different access methods), by department. Or you may want to give each individual user their own login. When one process starts hogging the machine, it makes for quicker diagnosis.

   This method has worked pretty well in my environment.

Dennis Williams
DBA
Lifetouch, Inc.
dwilliams_at_lifetouch.com

-----Original Message-----

From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org]On Behalf Of Denise.Rossette_at_SWFWMD.STATE.FL.US
Sent: Monday, March 22, 2004 12:55 PM
To: oracle-l_at_freelists.org
Subject: User passwords

List:

We have a user "viewer" account for an internal application. We want to make sure that no one can change the password of this account even if they are signed on as that account - because it will obviously affect others using the internal application. We only want a DBA account to be able to change this user's password. I realize all of the security issues with the set-up as it is, but that's what I have to work with now.

I have researched several Oracle manuals and looked into using Oracle Label Security and product_user_profile. Metalink support does not have a solution for this issue. There seems to be many ways to have users change their passwords and to force complexity of their passwords - but no way to stop them from changing the password.

Is there a solution within Oracle? Has anyone else faced an issue like this or am I dealing with a "unique and unusual problem"?

Thanks to all...



Denise Rossette
Southwest Florida Water Management District 2379 Broad Street
Brooksville, Florida 34604-6899

Email: denise.rossette_at_swfwmd.state.fl.us


Please see the official ORACLE-L FAQ: http://www.orafaq.com

To unsubscribe send email to: oracle-l-request_at_freelists.org put 'unsubscribe' in the subject line.
--

Archives are at http://www.freelists.org/archives/oracle-l/
FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html

-----------------------------------------------------------------
----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to: oracle-l-request_at_freelists.org
put 'unsubscribe' in the subject line.
--

Archives are at http://www.freelists.org/archives/oracle-l/ FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html
Received on Mon Mar 22 2004 - 14:38:47 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US