General security principles

Keep software up to date

Keep all software versions and patches up to date.

Keep up to date on the latest Critical Patch Updates

Oracle continually improves its software and documentation. Critical Patch Updates are the primary means of releasing security fixes for Oracle products to customers with valid support contracts. They are released on the third Tuesday of January, April, July, and October (they were previously published on the Tuesday closest to the 17th day of January, April, July, and October).

Oracle highly recommends that customers apply these patches as soon as they are released.

Require complex and secure passwords

Each password should meet the following requirements:

  • Contains a minimum of eight characters.
  • Contains at least one uppercase character, and at least one number or special character.
  • Expires after 90 days.
  • Does not contain a common word, name, or any part of the user name.

For information about specific password configuration settings available in Oracle Central Coding, see Password configuration for user security.
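The following added example (not Oracle Central Coding code, and independent of its configuration settings) shows how the four requirements above can be checked programmatically. The word list is a constructed sample, and two readings are assumptions: "any part of the user name" is taken as any run of three consecutive characters, and a password counts as expired once 90 full days have passed.

```python
from datetime import date

MIN_LENGTH = 8
MAX_AGE_DAYS = 90
# Constructed sample list; a real check would load a larger dictionary.
COMMON_WORDS = {"password", "welcome", "oracle", "summer", "qwerty"}
# Assumption: "any part of the user name" = any run of this many characters.
FRAGMENT_SIZE = 3


def username_fragments(username, size=FRAGMENT_SIZE):
    """Lowercase substrings of `size` characters taken from the user name."""
    name = username.lower()
    if len(name) <= size:
        return {name} if name else set()
    return {name[i:i + size] for i in range(len(name) - size + 1)}


def password_violations(password, username, names=()):
    """Return the requirements from the list above that the password breaks."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("shorter than eight characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase character")
    # A "special character" here is anything that is not a letter or digit.
    if not any(c.isdigit() or not c.isalnum() for c in password):
        problems.append("no number or special character")
    banned = COMMON_WORDS | {n.lower() for n in names if n}
    if any(word in lowered for word in banned):
        problems.append("contains a common word or name")
    if any(frag in lowered for frag in username_fragments(username)):
        problems.append("contains part of the user name")
    return problems


def is_expired(last_changed, today):
    """True once 90 full days have passed since the last change (assumed boundary)."""
    return (today - last_changed).days >= MAX_AGE_DAYS
```

The substring checks are case-insensitive but do not catch character substitutions such as `0` for `o`.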

Keep passwords private and secure

All users should change their passwords when they log in for the first time.

Tell users never to share passwords, write down passwords, or store passwords in files on their computers. For more information, see Passwords for new users.

Lock computers to protect data

Encourage users to lock computers that are left unattended. For more information, see Log in security.

Provide only the necessary rights to perform an operation

Configure rights, assign roles to users, and assign users to work teams so that they can perform only the tasks necessary for their jobs.

For more information, see:

Protect sensitive data

  • Collect the minimum amount of sensitive data needed.
  • Tell users not to send sensitive information over email.
  • Provide access to sensitive data only to users who need it for their jobs.

For more information, see Restricted viewing of sensitive data.