The Importance of Using Common Sense
>> Wednesday, 11 May 2011
It is so important to sense check documentation and general information you find before you blindly wade in thinking you're doing ok.
I'm not just talking about the lay blogger who randomly throws out advice now and again (!), even Oracle get it wrong. Actually that was double sarcasm, they often get it wrong. Well why wouldn't they? Each person is only human.
When you are Googling around, browsing MyOracleSupport or, the last resort, actually reading Oracle's own documentation (why don't I go there first?!) remember not to rely on the accuracy of everything you read.
Firstly, with Oracle documentation, check the document version at the top of the page. There are many subtle differences between the versions; if you decide to read the 10.2 Security Guide to implement 11.2 security you will fall down a hole at some point.
Even when you are happy you have the right documentation for the right version and it's straight from Oracle's mouth, there are still pitfalls in accuracy.
For example the 11g Release 1 (11.1) Oracle® Database 2 Day + Security Guide (Part Number B28337-05) states:
PASSWORD_REUSE_MAX
Sets the number of days before which a password cannot be reused.
PASSWORD_REUSE_TIME
Sets the number of password changes required before the current
No, go back and look again. Do you feel your right eyebrow rising, wondering if that is quite right, quite logical?
In the 9i, 10g and 11.2 documentation PASSWORD_REUSE_MAX is the number of changes and PASSWORD_REUSE_TIME is the number of days. A slip-up for one version.
I reported it to Oracle and they are correcting it, so maybe by the time you find this it will all be ok.
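One way to sense check the two limits on a scratch database instead of trusting any one page, as an added example that is not from the original post or from Oracle's documentation. The profile name, user name and passwords are constructed for the test, and it assumes SQL*Plus and a DBA account.

```sql
SET SERVEROUTPUT ON

-- Units as given in the 9i, 10g and 11.2 documentation:
-- PASSWORD_REUSE_TIME is in days, PASSWORD_REUSE_MAX is a count of changes.
CREATE PROFILE reuse_check LIMIT
  PASSWORD_REUSE_TIME 1
  PASSWORD_REUSE_MAX  2;

CREATE USER reuse_test IDENTIFIED BY "Pw_Zero#0" PROFILE reuse_check;

-- Confirm what the data dictionary actually holds for the profile.
SELECT resource_name, limit
FROM   dba_profiles
WHERE  profile = 'REUSE_CHECK'
AND    resource_name IN ('PASSWORD_REUSE_TIME', 'PASSWORD_REUSE_MAX');

-- Two changes made while the profile is in force.
ALTER USER reuse_test IDENTIFIED BY "Pw_One#1";
ALTER USER reuse_test IDENTIFIED BY "Pw_Two#2";

-- Only one change has happened since Pw_One#1 and less than a day has
-- passed, so going back to it should be refused with ORA-28007.
BEGIN
  EXECUTE IMMEDIATE 'ALTER USER reuse_test IDENTIFIED BY "Pw_One#1"';
  DBMS_OUTPUT.PUT_LINE('Reuse allowed: the limits are not doing what you think');
EXCEPTION
  WHEN OTHERS THEN
    IF SQLCODE = -28007 THEN
      DBMS_OUTPUT.PUT_LINE('Reuse blocked with ORA-28007');
    ELSE
      RAISE;
    END IF;
END;
/

-- Clean up the test objects.
DROP USER reuse_test CASCADE;
DROP PROFILE reuse_check;
```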
These kinds of sense checks are particularly important with new features in new versions. Hunt around for dbms_audit_mgmt and you will find a number of conflicting posts at the moment.
Don't blindly follow examples. Have a think about why you are doing what you are doing and whether it really makes sense. And hey, if it makes no sense whatsoever and it is definitely correct, then it's a 'feature', so blog it!
I feel a dbms_audit_mgmt post coming on...