  Oracle Tips by Burleson

Chapter 4 General Oracle Security

What if we limit the number of sessions a user can have active at any point in time? We know beforehand how many sessions a specific user needs.  Typically, a senior claim analyst uses a session to do his or her work, and perhaps opens up another to answer a question from a junior analyst. A maximum of two sessions, then, is adequate for a senior analyst, but only one is adequate for a junior analyst. Profiles are used to limit the number of concurrent sessions for a specific username. This parameter specifies that limit.


 – The other technique that hackers employ is using the database sessions of legitimate users after those users have finished their regular work. However, if there is a limit on the maximum amount of time a user session can stay connected to the database, the sessions are automatically disconnected once that limit is reached.

HIPAA rules do not mandate this, but they do recommend using some sort of mechanism to limit the time so that a malicious intruder has fewer resources. This parameter in the profile enforces that limit. Expressed in seconds, it limits the maximum time a user can stay connected to the database. After this limit expires, the sessions are automatically disconnected.

In this case, let's assume the senior claim analyst connects at 8 in the morning, goes to lunch at 12 noon, comes back at 1 and works till 5. Therefore, she works for only 4 hours at a stretch. Given another hour for some extra work, 5 hours should be the maximum time for the senior claim analyst to work, and that should be the limit. Expressed in seconds, it is 5 times 60 times 60, i.e. 180000.
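The two limits discussed above, written as Oracle profiles. This is an added example, not a script from the book; the profile names and usernames are hypothetical. It uses Oracle's `SESSIONS_PER_USER` and `CONNECT_TIME` profile resources, and note that `CREATE PROFILE` takes `CONNECT_TIME` in minutes, so the five-hour window is written as 300.

```sql
-- Added example: profile and user names below are hypothetical.

-- Profile resource limits are only enforced when RESOURCE_LIMIT is TRUE.
ALTER SYSTEM SET RESOURCE_LIMIT = TRUE;

-- Senior claim analyst: two concurrent sessions, five hours connected.
CREATE PROFILE senior_claim_analyst LIMIT
  SESSIONS_PER_USER 2
  CONNECT_TIME      300;   -- minutes (5 hours * 60)

-- Junior claim analyst: one session. Limits not listed here are
-- inherited from the DEFAULT profile.
CREATE PROFILE junior_claim_analyst LIMIT
  SESSIONS_PER_USER 1;

-- Attach the profiles to existing accounts (hypothetical usernames).
ALTER USER sr_analyst1 PROFILE senior_claim_analyst;
ALTER USER jr_analyst1 PROFILE junior_claim_analyst;

-- Check 1: confirm the limits that were actually stored.
SELECT profile, resource_name, limit
FROM   dba_profiles
WHERE  profile IN ('SENIOR_CLAIM_ANALYST', 'JUNIOR_CLAIM_ANALYST')
AND    resource_name IN ('SESSIONS_PER_USER', 'CONNECT_TIME')
ORDER  BY profile, resource_name;

-- Check 2: audit for open accounts whose profile leaves either limit
-- unlimited or deferred to DEFAULT, so unprotected users stand out.
SELECT u.username, u.profile, p.resource_name, p.limit
FROM   dba_users u
JOIN   dba_profiles p ON p.profile = u.profile
WHERE  u.account_status = 'OPEN'
AND    p.resource_name IN ('SESSIONS_PER_USER', 'CONNECT_TIME')
AND    p.limit IN ('UNLIMITED', 'DEFAULT')
ORDER  BY u.username, p.resource_name;
```

A row with `DEFAULT` in the second query means the effective value comes from the `DEFAULT` profile, so check that profile's own limits before treating the account as covered.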


 – Hackers typically wait for a legitimate user to be connected but idle. Then they hijack the session to carry out their task. Idle time while connected is one of

The above text is an excerpt from:

Oracle Privacy Security Auditing

The Final Word on Oracle Security


Copyright © 1996 -  2014 by Burleson Inc. All rights reserved.

Oracle® is the registered trademark of Oracle Corporation.