How does one enforce strict password control? (for DBA

How does one enforce strict password control? (for DBA
by

1 Answer

Answer :

By default Oracle's security is not extremely good. For example, Oracle
will allow users to choose single character passwords and passwords
that match their names and userids. Also, passwords don't ever expire.
This means that one can hack an account for years without ever
locking the user.
From Oracle8 one can manage passwords through profiles. Some of
the things that one can restrict:
. FAILED_LOGIN_ATTEMPTS - failed login attempts before the account is
locked
. PASSWORD_LIFE_TIME - limits the number of days the same password
can be used for authentication
. PASSWORD_REUSE_TIME - number of days before a password can be
reused
by

Related questions

How does one change an Oracle user's password?(for DBA

Description : How does one change an Oracle user's password?(for DBA

Last Answer : Issue the following SQL command: ALTER USER IDENTIFIED BY ; From Oracle8 you can just type "password" from SQL*Plus, or if you need to change another user's password, type "password ... this example: SQL> password Changing password for SCOTT Old password: New password: Retype new password:

How does one add users to a password file? (for DBA

Description : How does one add users to a password file? (for DBA

Last Answer : One can select from the SYS.V_$PWFILE_USERS view to see which users are listed in the password file. New users can be added to the password file by granting them SYSDBA or SYSOPER privileges, or by using the orapwd utility. GRANT SYSDBA TO scott;

How does one create a password file? (for DBA

Description : How does one create a password file? (for DBA

Last Answer : The Oracle Password File ($ORACLE_HOME/dbs/orapw or orapwSID) stores passwords for users with administrative privileges. One needs to create a password files before remote administrators (like OEM) will be ... visible in the process table of many systems. Administrators needs to be aware of this!

Learners display individual differences. So a teacher should Options: A) provide a variety of learning experiences B) enforce strict discipline C) increase number of tests D) insist on uniform pace of learning

Description : Learners display individual differences. So a teacher should Options: A) provide a variety of learning experiences B) enforce strict discipline C) increase number of tests D) insist on uniform pace of learning

Last Answer : A) provide a variety of learning experiences 

What is Fine Grained Access Control? (for DBA

Description : What is Fine Grained Access Control? (for DBA

Last Answer : See question "What is a Virtual Private Database".

How will you enforce security using stored procedures?

Description : How will you enforce security using stored procedures?

Last Answer : Don't grant user access directly to tables within the application. Instead grant the ability to access the procedures that access the tables. When procedure executed it will execute the privilege of procedures owner. Users cannot access tables except via the procedure.

How can you Enforce Referential Integrity in snapshots ?

Description : How can you Enforce Referential Integrity in snapshots ?

Last Answer : Time the references to occur when master tables are not in use. Peform the reference the manually immdiately locking the master tables. We can join tables in snopshots by creating a complex snapshots that will based on the master tables.

How will you enforce security using stored procedures?

Description : How will you enforce security using stored procedures?

Last Answer : Don't grant user access directly to tables within the application. Instead grant the ability to access the procedures that access the tables. When procedure executed it will execute the privilege of procedures owner. Users cannot access tables except via the procedure.

You want users to change their passwords every 2 months. How do you enforce this?

Description : You want users to change their passwords every 2 months. How do you enforce this?

Last Answer : Oracle password security is implemented via Oracle "profiles" which are assigned to users. PASSWORD_LIFE_TIME - limits the number of days the same password can be used for authentication First, start ... to detect and remove duplicate rows ▪ Delete duplicate table rows that contain NULL values

Can one export a subset of a table? (for DBA

Description : Can one export a subset of a table? (for DBA

Last Answer : From Oracle8i one can use the QUERY= export parameter to selectively unload a subset of the data from a table. Look at this example: exp scott/tiger tables=emp query=\"where deptno=10\"

How does one use the import/export utilities? (for DBA

Description : How does one use the import/export utilities? (for DBA

Last Answer : Look for the "imp" and "exp" executables in your $ORACLE_HOME/bin directory. One can run them interactively, using command line parameters, or using parameter files. Look at the imp/exp parameters ... and export data with the "Schema Manager" GUI that ships with Oracle Enterprise Manager (OEM).

What is import/export and why does one need it? (for DBA

Description : What is import/export and why does one need it? (for DBA

Last Answer : The Oracle export (EXP) and import (IMP) utilities are used to perform logical database backup and recovery. They are also used to move Oracle data from one machine, database or schema to ... corruption. Ensure that all the data can be read. . Transporting tablespaces between databases . Etc.

Are there any troubleshooting tips for OEM? (for DBA

Description : Are there any troubleshooting tips for OEM? (for DBA

Last Answer : . Create the OEM repository with a user (which will manage the OEM) and store it in a tablespace that does not share any data with other database users. It is a bad practice to create ... successfully. Check the log to see the results of the execution rather than relying on this status.

Where can one get more information about TCL? (for DBA

Description : Where can one get more information about TCL? (for DBA

Last Answer : One can write custom event checking routines for OEM using the TCL (Tool Command Language) language. Check the following sites for more information about TCL: . The Tcl Developer Xchange - ... the OraTCL package . Tom Poindexter's Tcl Page - Oratcl was originally written by Tom Poindexter

How does one start the Oracle Intelligent Agent? (for DBA

Description : How does one start the Oracle Intelligent Agent? (for DBA

Last Answer : One needs to start an OIA (Oracle Intelligent Agent) process on all machines that will to be managed via OEM. For OEM 9i and above:

What is the Oracle Intelligent Agent? (for DBA

Description : What is the Oracle Intelligent Agent? (for DBA

Last Answer : The Oracle Intelligent Agent (OIA) is an autonomous process that needs to run on a remote node in the network to make the node OEM manageable. The Oracle Intelligent Agent is ... events registered in Enterprise Manager; and . Executing tasks associated with jobs submitted to Enterprise Manager.

How does one backout events and jobs during maintenance slots? (for DBA

Description : How does one backout events and jobs during maintenance slots? (for DBA

Last Answer : Managemnet and data collection activity can be suspended by imposing a blackout. Look at these examples: agentctl start blackout # Blackout the entrire agent agentctl stop blackout # Resume normal monitoring ... management agentctl start blackout -s jobs -d 00:20 # Blackout jobs for 20 minutes

What kind of jobs can one schedule with OEM? (for DBA

Description : What kind of jobs can one schedule with OEM? (for DBA

Last Answer : OEM comes with pre-defined jobs like Export, Import, run OS commands, run sql scripts, SQL*Plus commands etc. It also gives you the flexibility of scheduling custom jobs written with the TCL language.

Should the OEM Console be displayed at all times (when there are scheduled jobs)? (for DBA

Description : Should the OEM Console be displayed at all times (when there are scheduled jobs)? (for DBA

Last Answer : When a job is submitted the agent will confirm the status of the job. When the status shows up as scheduled, you can close down the OEM console. The processing of the job is managed by the OIA ... that OEM will not be able to send e-mail and paging notifications when the Console is not started.

WHY USE RMAN ? (for DBA

Description : WHY USE RMAN ? (for DBA

Last Answer : No extra costs Its available free ?RMAN introduced in Oracle 8 it has become simpler with newer versions and easier than user managed backups ?Proper security ?You are 100% sure your ... what need to backed up Knows what is required for recovery Knows what backups are redundant

WHAT IS RMAN ? (for DBA

Description : WHAT IS RMAN ? (for DBA

Last Answer : Recovery Manager is a tool that: manages the process of creating backups and also manages the process of restoring and recovering from them.

Are there any undocumented commands in Oracle? (for DBA

Description : Are there any undocumented commands in Oracle? (for DBA

Last Answer : Sure there are, but it is hard to find them. Look at these examples: From Server Manager (Oracle7.3 and above): ORADEBUG HELP It looks like one can change memory locations with the ORADEBUG POKE ... rdbms/lib/oradbx.o; make -f oracle.mk oradbx) SQL*Plus: ALTER SESSION SET CURRENT_SCHEMA = SYS;

How does one use ORADEBUG from Server Manager/ SQL*Plus? (for DBA

Description : How does one use ORADEBUG from Server Manager/ SQL*Plus? (for DBA

Last Answer : Execute the "ORADEBUG HELP" command from svrmgrl or sqlplus to obtain a list of valid ORADEBUG commands. Look at these examples: SQLPLUS> REM Trace SQL statements with bind variables SQLPLUS> oradebug ... oradebug lkdebug -a convres SQLPLUS> oradebug lkdebug -r (i.e 0x8066d338 from convres dump)

What is the difference between DBFile Sequential and Scattered Reads?(for DBA

Description : What is the difference between DBFile Sequential and Scattered Reads?(for DBA

Last Answer : Both "db file sequential read" and "db file scattered read" events signify time waited for I/O read requests to complete. Time is reported in 100's of a second for Oracle 8i releases and below, ... v_$system_event b where a.event = 'db file sequential read' and b.event = 'db file scattered read';

How does one tune Oracle Wait events? (for DBA

Description : How does one tune Oracle Wait events? (for DBA

Last Answer : Some wait events from V$SESSION_WAIT and V$SYSTEM_EVENT views: Event Name: Tuning Recommendation: db file sequential read Tune SQL to do less I/O. Make sure all objects are analyzed. Redistribute ... SYS.V$BH log buffer spaces Increase LOG_BUFFER parameter or move log files to faster disks

How does one manage Oracle database users? (for DBA

Description : How does one manage Oracle database users? (for DBA

Last Answer : Oracle user accounts can be locked, unlocked, forced to choose new passwords, etc. For example, all accounts except SYS and SYSTEM will be locked after creating an Oracle9iDB database using the DB ... locked users account ALTER USER scott PASSWORD EXPIRE; -- Force user to choose a new password

How does one manage Oracle database users? (for DBA

Description : How does one manage Oracle database users? (for DBA

Last Answer : Oracle user accounts can be locked, unlocked, forced to choose new passwords, etc. For example, all accounts except SYS and SYSTEM will be locked after creating an Oracle9iDB database using the ... from SYS.V$BH log buffer spaces Increase LOG_BUFFER parameter or move log files to faster disks

What are the common RMAN errors (with solutions)? (for DBA

Description : What are the common RMAN errors (with solutions)? (for DBA

Last Answer : Some of the common RMAN errors are: RMAN-20242: Specification does not match any archivelog in the recovery catalog. Add to RMAN script: sql 'alter system archive log current'; RMAN-06089: archived log xyz not found or out of sync with catalog Execute from RMAN: change archivelog all validate;

What is STATSPACK and how does one use it? (for DBA

Description : What is STATSPACK and how does one use it? (for DBA

Last Answer : Statspack is a set of performance monitoring and reporting utilities provided by Oracle from Oracle8i and above. Statspack provides improved BSTAT/ESTAT functionality, though the old BSTAT/ESTAT scripts ... values recorded in two snapshots . sptrunc.sql - Truncates all data in Statspack tables

What tools/utilities does Oracle provide to assist with performance tuning? (for DBA

Description : What tools/utilities does Oracle provide to assist with performance tuning? (for DBA

Last Answer : Oracle provide the following tools/ utilities to assist with performance monitoring and tuning: . TKProf . UTLBSTAT.SQL and UTLESTAT.SQL - Begin and end stats monitoring . Statspack . Oracle Enterprise Manager - Tuning Pack

What tuning indicators can one use? (for DBA

Description : What tuning indicators can one use? (for DBA

Last Answer : The following high-level tuning indicators can be used to establish if a database is performing optimally or not: . Buffer Cache Hit Ratio Formula: Hit Ratio = (Logical Reads - Physical ... increase hit ratio . Library Cache Hit Ratio Action: Increase the SHARED_POOL_SIZE to increase hit ratio

How does one backup a database using the export utility? (for DBA

Description : How does one backup a database using the export utility? (for DBA

Last Answer : Oracle exports are "logical" database backups (not physical) as they extract data and logical definitions from the database into a file. Other backup strategies normally back-up the physical data ... exports include more information about the database in the export file than user level exports.

What is the difference between restoring and recovering? (for DBA

Description : What is the difference between restoring and recovering? (for DBA

Last Answer : Restoring involves copying backup files from secondary storage (backup media) to disk. This can be done to replace damaged files or to copy/move a database to a new location. Recovery is the process ... as SYSDBA Sql> RECOVER DATABASE UNTIL TIME '2001-03-06:16:00:00' USING BACKUP CONTROLFILE;

What is the difference between online and offline backups? (for DBA

Description : What is the difference between online and offline backups? (for DBA

Last Answer : A hot backup is a backup performed while the database is online and available for read/write. Except for Oracle exports, one can only do on- line backups when running in ARCHIVELOG mode. A cold backup is a backup performed while the database is off-line and unavailable to its users.

What strategies are available for backing-up an Oracle database? (for DBA

Description : What strategies are available for backing-up an Oracle database? (for DBA

Last Answer : The following methods are valid for backing-up an Oracle database: Export/Import - Exports are "logical" database backups in that they extract logical definitions and data from the database to a file. ... , etc. If your database is in ARCGIVELOG mode, you also need to backup archived log files.

Why and when should I backup my database? (for DBA

Description : Why and when should I backup my database? (for DBA

Last Answer : Backup and recovery is one of the most important aspects of a DBAs job. If you lose your company's data, you could very well lose your job. Hardware and software can always be ... things that will get you. Most failed recoveries are a result of organizational errors and miscommunications.

How does one give developers access to trace files (required as input to tkprof)? (for DBA)

Description : How does one give developers access to trace files (required as input to tkprof)? (for DBA)

Last Answer : The "alter session set sql_trace=true" command generates trace files in USER_DUMP_DEST that can be used by developers as input to tkprof. On Unix the default file mask for these files are "rwx r-- -- ... = true Include this in your INIT.ORA file and bounce your database for it to take effect.

How does one create a standby database? (for DBA)

Description : How does one create a standby database? (for DBA)

Last Answer : While your production database is running, take an (image copy) backup and restore it on duplicate hardware. Note that an export will not work!!! On your standby database, issue ... the standby database, stop the recovery process and activate it: ALTER DATABASE ACTIVATE STANDBY DATABASE;

Can one rename a tablespace? (for DBA)

Description : Can one rename a tablespace? (for DBA)

Last Answer : No, this is listed as Enhancement Request 148742. Workaround: Export all of the objects from the tablespace Drop the tablespace including contents Recreate the tablespace Import the objects

Can one resize tablespaces and data files? (for DBA)

Description : Can one resize tablespaces and data files? (for DBA)

Last Answer : One can manually increase or decrease the size of a datafile from Oracle 7.2 using the command. ALTER DATABASE DATAFILE 'filename2' RESIZE 100M; Because you can change the ... UNLIMITED DEFAULT STORAGE (INITIAL 10240 NEXT 10240 MINEXTENTS 1 MAXEXTENTS UNLIMITED PCTINCREASE 0) ONLINE PERMANENT;

How does one switch to another user in Oracle? (for DBA

Description : How does one switch to another user in Oracle? (for DBA

Last Answer : Users normally use the "connect" statement to connect from one database user to another. However, DBAs can switch from one user to another without a password. Of course it is not advisable to ... tiger Connected. Note: Also see the su.sql script in the Useful Scripts and Sample Programs Page.

Who created all these users in my database?/ Can I drop this user? (for DBA

Description : Who created all these users in my database?/ Can I drop this user? (for DBA

Last Answer : Oracle creates a number of default database users or schemas when a new database is created. Below are a few of them: SYS/CHANGE_ON_INSTALL or INTERNAL Oracle Data Dictionary/ Catalog Created ... there should be no problem altering these users to use a different default and temporary tablespace.

What is in all those X$ tables? (for DBA

Description : What is in all those X$ tables? (for DBA

Last Answer : The following list attempts to describe some x$ tables. The list may not be complete or accurate, but represents an attempt to figure out what information they contain. One should generally not ... Fixed Table. It can predict the potential loss of decreasing the number of database buffers. The

How does one list one's databases in the OEM Console? (for DBA

Description : How does one list one's databases in the OEM Console? (for DBA

Last Answer : Follow these steps to discover databases and other services from the OEM Console: 1. Ensure the GLOBAL_DBNAME parameter is set for all databases in your LISTENER.ORA file (optional). ... OEM Discovery Wizard will guide you through the process of discovering your databases and other services.

How does one create a repository? (for DBA

Description : How does one create a repository? (for DBA

Last Answer : For OEM v2 and above, start the Oracle Enterprise Manager Configuration Assistant (emca on Unix) to create and configure the management server and repository. Remember to setup a backup for the repository database after creating it.

How does one stop and start the OMS? (for DBA

Description : How does one stop and start the OMS? (for DBA

Last Answer : Use the following command sequence to stop and start the OMS (Oracle Management Server): oemctl start oms oemctl status oms sysman/oem_temp oemctl stop oms sysman/oem_temp Windows NT/2000 users can just ... of "oem_temp". NOTE: Use command oemctrl instead of oemctl for Oracle 8i and below.

What are the components of OEM? (for DBA

Description : What are the components of OEM? (for DBA

Last Answer : Oracle Enterprise Manager (OEM) has the following components: . Management Server (OMS): Middle tier server that handles communication with the intelligent agents. The OEM Console connects to the ... database and takes care of the execution of jobs and events scheduled through the Console.

What is OEM (Oracle Enterprise Manager)? (for DBA

Description : What is OEM (Oracle Enterprise Manager)? (for DBA

Last Answer : OEM is a set of systems management tools provided by Oracle Corporation for managing the Oracle environment. It provides tools to monitor the Oracle environment and automate tasks (both one-time and repetitive in nature) to take database administration a step closer to "Lights Out" management.

What is Oracle Label Security? (for DBA

Description : What is Oracle Label Security? (for DBA

Last Answer : Oracle Label Security (formerly called Trusted Oracle MLS RDBMS) uses the VPD (Virtual Private Database) feature of Oracle8i to implement row level security. Access to rows are restricted according ... , controlled and managed from the Policy Manager, an Enterprise Manager-based GUI utility.

What is a Virtual Private Database? (for DBA

Description : What is a Virtual Private Database? (for DBA

Last Answer : Oracle 8i introduced the notion of a Virtual Private Database (VPD). A VPD offers Fine-Grained Access Control (FGAC) for secure separation of data. This ensures that users only have ... the DBMS_RLS (Row Level Security) package. Select from SYS.V$VPD_POLICY to see existing VPD configuration.