This discussion is archived
4 Replies Latest reply: Sep 5, 2011 5:43 AM by Saurabh Gupta-OC RSS

Password policy

Saurabh Gupta-OC Newbie
Currently Being Moderated
Dear friends,

We want to implement password compliance policy and have some queries, request you to please suggest me on the below points:

1) Users access database using - 'sqlplus userid/pwd@connectstring'
here we can see the password, its not in astrick format, I want to disable db access in this way, I want user to put only 'sqlplus userid@connectstring' and then system will ask password that would be in astrick format. How can we implement this?

2) As we know that any user can change their password, I want to revoke this privlege from all the users and only DBA can change their password, how it can be done?

Requesting for your reply.

Thanks.
  • 1. Re: Password policy
    Avinash Tripathi Pro
    Currently Being Moderated
    Hi,
    Hiding password with SQLPLUS is already supported, you do not need to do anything.
    C:\Users\at0022533>sqlplus hr@ORCL
    
    SQL*Plus: Release 11.2.0.1.0 Production on Fri Aug 26 13:30:12 2011
    
    Copyright (c) 1982, 2010, Oracle.  All rights reserved.
    
    Enter password:
    
    Connected to:
    Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
    With the Partitioning, OLAP, Data Mining and Real Application Testing options
    
    SQL>
    2) As we know that any user can change their password, I want to revoke this privlege from all the users and only DBA can change their password, how it can be done?
    What you are trying to achieve here? If someone can login into the database and he/she knows the password then what you will achieve by restricting to change the password?

    Regards,
    Avinash
  • 2. Re: Password policy
    Saurabh Gupta-OC Newbie
    Currently Being Moderated
    Basically the reason behind to restrict the users from changing their password is Single User Login system.
    We have DWH env and have a single user id/password and all the users are using same userid to login to the database.
    That is why we wanted to put a restriction that nobody will be able to change the password except DBA.

    I hope now it will be clear to you, Avinash.

    Thank You for your assistance.

    Edited by: 877938 on Aug 26, 2011 2:58 AM

    Edited by: 877938 on Aug 26, 2011 2:58 AM
  • 3. Re: Password policy
    Avinash Tripathi Pro
    Currently Being Moderated
    Hi,
    I think it is not a good idea to share one environment with all the users. How will you control if some user change anything and it has impact in entire application?

    I would suggest to create a DB account for all your users and give them necessary privilege (e.g. EXECUTE, SELECT) for your DW application.

    If you still want to restrict the users here is a work around.

    http://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_2.shtml


    Regards,
    Avinash
  • 4. Re: Password policy
    Saurabh Gupta-OC Newbie
    Currently Being Moderated
    Thanks Avinash.

    Thanks for sharing the solution, I have not tried it yet but looks really good.

    Will update you once I get time to implement this.

    Regards,
    Saurabh

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points