After changing the BNE profile option values, for example, it is necessary to restart the Apache server, and also to restart the OACORE services (“oacore OC4J in 10.1.3 Oracle_Home”) using the adoacorectl.sh script.
The following eBusiness Suite profile options address the basic User Authentication level in an Applications Security model:
Signon Password Failure Limit
By default, there is no account lockout after a number of failed login attempts. This profile option controls automated “locking” of the account. Security administrators can monitor the FND_UNSUCCESSFUL_LOGINS and ICX.ICX_FAILURES tables. Both tables capture failed login attempts from the Personal Home Page (Self Service/Web Interface), but failed core Forms logins are logged only to FND_UNSUCCESSFUL_LOGINS.
Signon Password Hard to Guess
This profile option uses internal rules for verifying passwords, so that they will be “hard to guess”. Oracle defines a password as hard-to-guess if it follows these rules:
– The password contains at least one letter and at least one number.
– The password does not contain repeating characters.
– The password does not contain the username.
Signon Password Length
Sets the minimum length of an Oracle Applications password string. The default length is 5, but at least 8 is recommended.
Signon Password No Reuse
This profile option is set to the number of days that must pass before a user is allowed to reuse a password.
Signon Password Custom
Allows a bespoke password scheme, validated by custom Java code in a custom Java class, for a more complex password validation requirement that cannot be supported by these profile options. For example, the password value must contain a numeric value, an uppercase value, and a special character.
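How these options combine can be tried offline with the sketch below, an added example that is not Oracle's code and not part of the original page: it models Signon Password Length, Signon Password Hard to Guess and the custom requirement given as the example above, and reports which rules a candidate password breaks. The names SignonPolicy and violations are hypothetical, and reading "repeating characters" as the same character twice in a row and ignoring case in the username check are assumptions.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class SignonPolicy:
    """Constructed model of the profile options above; not Oracle code."""
    min_length: int = 8         # Signon Password Length (at least 8 recommended)
    hard_to_guess: bool = True  # Signon Password Hard to Guess
    custom_rules: bool = False  # stand-in for a Signon Password Custom class

def violations(policy, username, password):
    """Return the names of the rules the password breaks ([] = accepted)."""
    found = []
    if len(password) < policy.min_length:
        found.append("length")
    if policy.hard_to_guess:
        if not (re.search(r"[A-Za-z]", password) and re.search(r"[0-9]", password)):
            found.append("letter_and_number")
        # Assumption: "repeating" means the same character twice in a row.
        if re.search(r"(.)\1", password):
            found.append("repeating_characters")
        # Assumption: the username check ignores case.
        if username and username.lower() in password.lower():
            found.append("contains_username")
    if policy.custom_rules:
        # The custom requirement quoted above: numeric, uppercase, special.
        if not re.search(r"[0-9]", password):
            found.append("custom_numeric")
        if not re.search(r"[A-Z]", password):
            found.append("custom_uppercase")
        if not re.search(r"[^A-Za-z0-9]", password):
            found.append("custom_special")
    return found

if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    samples = ["abc12", "jsmith2024", "summer2024", "winter2024", "W1nter#2024"]
    policies = {
        "default length 5": SignonPolicy(min_length=5),
        "length 8": SignonPolicy(),
        "length 8 + custom": SignonPolicy(custom_rules=True),
    }
    for label, policy in policies.items():
        for pw in samples:
            print(f"{label:18} {pw:12} {violations(policy, 'JSMITH', pw) or 'accepted'}")
```

In this model winter2024 passes every built-in option yet fails the custom rule set, which is the gap Signon Password Custom is meant to close.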
Signon Password Case
Forces case sensitivity in user passwords. By default in Release 11i, this profile is not populated and the system action defaults to being “Insensitive”. This option allows for tighter security, as well as for better integration with Oracle Internet Directory, because it also allows case-sensitive passwords. The Define Users form and the Signon form now accept case-sensitive passwords. It is recommended that this is set to “Sensitive” at site level. This will have no effect on existing passwords stored on the system. The rule is applied to a password the next time its value is changed.