Home » RDBMS Server » Security » PASSWORD_REUSE_TIME versus PASSWORD_REUSE_MAX
PASSWORD_REUSE_TIME versus PASSWORD_REUSE_MAX [message #213942] Fri, 12 January 2007 21:48 Go to next message
mick_vey
Messages: 1
Registered: January 2007
Junior Member
I've done extensive research on the difference between these two parameters. However, the question I have is this...if you choose to use the password_reuse_max parameter instead of the password_reuse_time parameter, is there a minimum password age that would prevent someone from quickly cycling through the reuse_max limit and returning to the original password? It just makes more sense to me from a security standpoint to use the password_reuse_time parameter because it has the password uniqueness AND minimum password age built in, which would prevent this from happening.

Contrary to what a lot of the Oracle documentation says regarding the parameters being mutually exclusive, I've also heard that you can use them in conjunction with each other.

I've also heard that v8 behaves differently than v9 and v10 with respect to these particular parameters, but I'm not sure how. Thanks!
Re: PASSWORD_REUSE_TIME versus PASSWORD_REUSE_MAX [message #220106 is a reply to message #213942] Sun, 18 February 2007 20:26 Go to previous message
nmacdannald
Messages: 460
Registered: July 2005
Location: Stockton, California - US...
Senior Member
Yes, you can specify unlimited on the number of password history entrys and then specify noreuse for the passwords. It is in the dbabrowser.
Previous Topic: more than one user
Next Topic: Encryption only one column
Goto Forum:
  


Current Time: Thu Mar 28 13:58:38 CDT 2024