Table of Contents
The following default policies in Oracle NoSQL Database may be used to tailor system behavior to meet your security requirements:
Login sessions have a limited duration of validity. After that duration has passed, the session needs re-authentication.
Session login errors are tracked at the component level. Access to an account for a single client host is temporarily disabled if too many failed logins occur at that component within a configurable time duration.
Both of these behaviors can be customized by modifying the values of their respective security parameters. For more information, see the following section.
You can use the plan
change-parameters command in order to change
a security policy in the system:
plan change-parameters -security <id>...
Security parameters are applied implicitly and uniformly across all SNs, RNs and Admins.
The following security parameters can be set:
sessionTimeout=<Long TimeUnit>
Specifies the length of time for which a login session is valid, unless extended. The default value is 24 hours.
sessionExtendAllowed=<Boolean>
Indicates whether session extensions should be granted. Default value is true.
accountErrorLockoutThresholdInterval=<Long TimeUnit>
Specifies the time period over which login error counts are tracked for account lockout monitoring. The default value is 10 minutes.
accountErrorLockoutThresholdCount=<Integer>
Number of invalid login attempts for a user account from a particular host address over the tracking period needed to trigger an automatic account lockout for a host. The default value is 10 attempts.
accountErrorLockoutTimeout=<Long TimeUnit>
Time duration for which an account will be locked out once a lockout has been triggered. The default value is 30 minutes.
loginCacheTimeout=<Long TimeUnit>
Time duration for which KVStore components cache login information locally to avoid the need to query other servers for login validation on every request. The default value is 5 minutes.