Oracle EBS密码安全

Signon Password Failure Limit
The Signon Password Failure Limit profile option determines the maximum number of
login attempts before the user's account is disabled.
Users cannot see or update this profile option.
The internal name for this profile option is SIGNON_PASSWORD_FAILURE_LIMIT.

Signon Password Hard to Guess
The Signon Password Hard to Guess profile option sets rules for choosing passwords
to ensure that they will be "hard to guess." A password is considered hard-to-guess
if it follows these rules:
. The password contains at least one letter and at least one number.
. The password does not contain the username.
. The password does not contain repeating characters.
Users can see but not update this profile option.
The internal name for this profile option is SIGNON_PASSWORD_HARD_TO_GUESS.

Signon Password Length
Signon Password Length sets the minimum length of an Applications signon password.
If no value is entered the minimum length defaults to 5.
Users can see but not update this profile option.
The internal name for this profile option is SIGNON_PASSWORD_LENGTH.

Signon Password No Reuse
This profile option specifies the number of days that a user must wait before being
allowed to reuse a password.
Users can see but not update this profile option.
The internal name for this profile option is SIGNON_PASSWORD_NO_REUSE.

Signon Password Case
This profile option is not available from the beginning.
With 11i.ATG_PF.H RUP3 comes the system profile 'Password Case Option'
After 11i.ATG_PF.H.RUP4 this system profile option was renamed to 'Signon Password Case'.
There are two settings: 'Sensitive' and 'Insensitive'.
The default is 'Insensitive'.
Setting this profile option to 'Sensitive' will make the password case sensitive.
'Mixed' is no longer supported.

Profile Default Recommendation

Signon Password Failure Limit None 3 (attempts)

Signon Password Hard to Guess No Yes

Signon Password Length 5 7 (characters)

Signon Password No Reuse None 180 (days)

Signon Password Custom None See Note Below

Password Case Option Null Sensitive

These profiles should only be set at Site level.
They can be set at other levels, such as User or Responsibility.

However, when logging in there is no User context, so if a User is prompted to
change their password at login, the profiles are only evaluated at site level.

Once logged in and resetting passwords using Preferences->Change Password,
or the Security ->User->Define form these other levels will have effect and will confuse the issue.

So these profiles should only be set at Site level, for consistent enforcement.

In the Define User screen we can set the Password Expiration to either
• Days (see example),
• Accesses (the number of logins) or
• None.

Combining the profile options with the Password Expiration will give you a robust password policy for Oracle E-Business Suite.