Passwords- Users and Basic Security

18 Jan by Leondre Morris


In 23c, passwords have to be a minimum of 12 bytes and can be up to 1,024 bytes. Password complexity is also required by default, and additional policies can be implemented based on your company policies.

Passwords for SYS and SYSTEM are set during installation and should be changed regularly with ALTER USER. When creating a new user, you set the password with the IDENTIFIED clause, or you can change it later with an ALTER USER command.

You can also interactively change the password so that it is not shown on the screen:

Creating Users

When you are creating a user, you need to consider the following factors:

• Username and authentication method
• Basic privileges
• Default permanent tablespace and space quotas
• Default temporary tablespace
• Common and local users

Choosing a Username and Authentication Method

Choose a username that matches your company’s security policies or standards for application names. Schema account names should be meaningful and help identify the purpose of the user.

Authentication is the method used to confirm that the user is who they say they are. Oracle supports a robust set of authentication methods:

• Database authentication (username and password stored in database)
• OS authentication
• Network authentication
• Global user authentication and authorization
• External service authentication

A simple, easy, and reliable form of authentication is through the database. In this form of authentication, the username and password are stored within the database.

The password is not stored in plain text; it is stored in a secure, hashed format. When connecting to the database, the user provides a username and password.

The database checks the entered username and password against information stored in the database, and if there is a match, the user is allowed to connect to the database with the privileges associated with the account.
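The following is an added example, not part of the original text, of a database-authenticated account that covers the factors listed under Creating Users and then checks how the account is recorded. The names app_owner, users and temp, the quota, and both passwords are constructed placeholders.

```sql
-- Added example. app_owner, the tablespace names, the quota and the
-- passwords are assumptions; substitute your own values.
CREATE USER app_owner
  IDENTIFIED BY "Placeholder#Passw0rd_ChangeMe"  -- database authentication
  DEFAULT TABLESPACE users                       -- permanent tablespace
  QUOTA 500M ON users                            -- space quota
  TEMPORARY TABLESPACE temp                      -- temporary tablespace
  PASSWORD EXPIRE                                -- force a change at first login
  ACCOUNT UNLOCK;

-- Basic privilege: the account can connect and nothing more.
GRANT CREATE SESSION TO app_owner;

-- Changing the password with ALTER USER shows the new value on screen.
ALTER USER app_owner IDENTIFIED BY "Another#Placeholder_Value1";

-- In SQL*Plus, the PASSWORD client command (not a SQL statement)
-- prompts for the new password without echoing it.
PASSWORD app_owner

-- Check how the account is authenticated and which password hash
-- versions are stored for it; the clear-text value is never listed.
SELECT username, account_status, authentication_type, password_versions,
       default_tablespace, temporary_tablespace, profile
FROM   dba_users
WHERE  username = 'APP_OWNER';

-- Password limits that the account's profile enforces.
SELECT resource_name, limit
FROM   dba_profiles
WHERE  resource_type = 'PASSWORD'
AND    profile = (SELECT profile FROM dba_users WHERE username = 'APP_OWNER');
```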

Another commonly implemented authentication method is through the OS. OS authentication means that if you can successfully log in to a server, then it is possible to establish a connection to a local database without providing username and password details.

In other words, you can associate database privileges with an OS account or an associated OS group, or both. Since 19c, you can centrally manage your users in Active Directory and integrate them as users or global users in the database.

Examples of database and OS authentication and global users are discussed in the next two sections. If you have more sophisticated authentication requirements, then you should investigate network, global, or external service authentication. See the Oracle Database Security Guide, which is available as part of the Oracle Database documentation, for more details regarding these methods.
