Oracle Applications password security policy

The following eBusiness Suite profile options address the basic User Authentication level in an Applications Security model:

Usage notes…

Signon Password Failure Limit
By default, there is no account lockout after a failed number of login attempts. This profile option controls automated “locking” of the account. Security administrators can monitor FND_UNSUCCESSFUL_LOGINS and ICX.ICX_FAILURES tables. Both the FND_UNSUCCESSFUL_LOGINS and ICX.ICX_FAILURES tables capture failed login attempts from the Personal Home Page (Self Service/Web Interface), but failed core Forms logins are only logged to FND_UNSUCCESSFUL_LOGINS.

Signon Password Hard to Guess
This profile option uses internal rules for verifying passwords, so that they will be “hard to guess”. Oracle defines a password as hard-to-guess if it follows these rules:
 – The password contains at least one letter and at least one number.
 – The password does not contain repeating characters.
 – The password does not contain the username.

Signon Password Length
Sets the minimum length of an Oracle Applications password string. The default length is 5, but at least 8 is recommended 8.

Signon Password No Reuse
This profile option is set to the number of days that must pass before a user is allowed to reuse a password.

Signon Password Custom
To allow a bespoke password scheme (validated by custom Java code) in a custom Java class, implementing a more complex password validation requirement, which cannot be supported by these profile options. For example, the password value must contain a numeric value, an uppercase value, and a special character.

Signon Password Case
To force case sensitivity in user passwords. By default in Release 11i, this profile is not populated and the system action defaults to being “Insensitive”. This option allows for tighter security, as well as for better integration with Oracle Internet Directory, because it also allows case sensitive passwords. The Define Users form and the Signon form now accept case-sensitive passwords. It is recommended that this is set to “Sensitive” at site level. This will have no affect on existing passwords stored on the system. The case sensitivity will start to take effect the next time a password value is changed – then the rule will be applied.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s