Subject | Security.fdb improvements |
---|---|
Author | Salvatore Besso |
Post date | 2005-04-30T16:00:51Z |
hello all,
as a test, I have successfully applied the suggested modifications to the
security database described on Helen's book at page 708. Now I was wondering
if I can further improve the database adding more fields to it without
hurting the whole system. The fields that I'd like to add are:
Password_Never_Expires LOGICAL (may be True for SYSDBA or some other rare
cases)
Must_Change_Password LOGICAL (indicates that user must change password at
first access, useful when the account has just been created with a generic
password)
Password_Duration SMALLINT (amount of days before next password change)
Last_Password_Change DATE (last date when the user has changed the password)
Account_Disabled LOGICAL (to temporarily deny any access to an user without
deleting the account)
The LOGICAL domain will be defined as SMALLINT, 0 or 1.
Of course these extra fields will be handled in the application and only by
SYSDBA (the other users will not have any grant to modify them), but I'd
like to know if adding new fields is safe, that's to say if I will be able
to connect again as before and if command line tools like gsec will ignore
them and will continue to work as usual.
Thanks
Salvatore
as a test, I have successfully applied the suggested modifications to the
security database described on Helen's book at page 708. Now I was wondering
if I can further improve the database adding more fields to it without
hurting the whole system. The fields that I'd like to add are:
Password_Never_Expires LOGICAL (may be True for SYSDBA or some other rare
cases)
Must_Change_Password LOGICAL (indicates that user must change password at
first access, useful when the account has just been created with a generic
password)
Password_Duration SMALLINT (amount of days before next password change)
Last_Password_Change DATE (last date when the user has changed the password)
Account_Disabled LOGICAL (to temporarily deny any access to an user without
deleting the account)
The LOGICAL domain will be defined as SMALLINT, 0 or 1.
Of course these extra fields will be handled in the application and only by
SYSDBA (the other users will not have any grant to modify them), but I'd
like to know if adding new fields is safe, that's to say if I will be able
to connect again as before and if command line tools like gsec will ignore
them and will continue to work as usual.
Thanks
Salvatore