Oracle Waveset 8.1.1 Business Administrator's Guide

What is a Dictionary Policy?

A dictionary policy enables Waveset to check passwords against a word database to ensure that they are protected from a simple dictionary attack. By using this policy with other policy settings to enforce the length and makeup of passwords, Waveset makes it difficult to use a dictionary to guess passwords that are generated or changed in the system.

The dictionary policy extends the password exclusion list that you can set up with the policy. (This list is implemented by the Must Not Contain Words option on the Administrator Interface password Edit Policy page.)

ProcedureTo Configure a Dictionary Policy

To set up a dictionary policy, you must:

  1. Open the Policies page as described in Configuring Waveset Policies.

  2. Click Configure Dictionary to display the Dictionary Configuration page.

  3. Select and enter database information.

    Database information includes:

    • Database Type. Select the database type (Oracle, DB2, SQLServer, or MySQL) that you will use to store the dictionary.

    • Host. Enter the name of the host where the database is running.

    • User. Enter the user name to use when connecting to the database.

    • Password. Enter the password to use when connecting to the database.

    • Port. Enter the port on which the database is listening.

    • Connection URL. Enter the URL to use when connecting. These template variables are available:

      • %h - host

      • %p - port

      • %d - database name

      Driver Class. Enter the JDBC driver class to use while interacting with the database.

    • Database Name. Enter the name of the database where the dictionary will be loaded.

    • Dictionary Filename. Enter the name of the file to use when loading the dictionary.

  4. Click Test to test the database connection.

  5. If the connection test is successful, click Load Words to load the dictionary. The load task may take a few minutes to complete.

  6. Click Test to ensure that the dictionary was loaded correctly.

ProcedureTo Implement a Dictionary Policy

Use the following steps to implement a dictionary policy:

  1. Open the Policies page as described in Configuring Waveset Policies.

  2. Click the Password Policy link to edit the password policy.

  3. On the Edit Policy page, select the Check passwords against dictionary words option.

  4. Click Save to save your changes.

    Once implemented, all changed and generated passwords will be checked against the dictionary.