DB Wrangler: Quirky 11g Default Profile

So you're used to setting up and configuring your Oracle database in a 3-tier architecture (typically web app). As has been the case for many past releases, Oracle assigns the default profile to users unless otherwise specified. However, to help you along (...not!), the default profile in 11g is now restrictive as follows:

PASSWORD_LIFE_TIME 180     (days)
PASSWORD_GRACE_TIME 7      (days)
FAILED_LOGIN_ATTEMPTS 10
PASSWORD_LOCK_TIME 1       (days)

Oracle probably thought that this was smart security, but I wager to bet that most Oracle databases are connected directly application servers and password management is not dictated by this way. The upshot is that many an unsuspecting DBA, having setup a database that is happily supporting a website or a.n.other 3-tier configuration, gets a rude awakening when the application can no longer connect after 6 months! Frankly it would have been better for Oracle to make available a secure profile with the above properties that needs to be explicitly assigned to users.

To resolve this issue you can run the following:

ALTER PROFILE DEFAULT LIMIT
FAILED_LOGIN_ATTEMPTS UNLIMITED
PASSWORD_LIFE_TIME UNLIMITED;

DB Wrangler

Thursday, 25 March 2010

Quirky 11g Default Profile

No comments:

Post a Comment

Blog Archive

About my blog

Contributors

Featured post

Deployment considerations around Apache Kafka in AWS