Creating a security policy

A security policy sets restrictions on the user accounts that are set up to access iBase. The security policy specifies rules for adding and changing passwords that apply only to user accounts with iBase usernames and passwords.

About this task

New security files do not have a security policy because by default none of the settings on the Security Policy page of the Security Manager are turned on.

The absence of a security policy means that:

  • Minimum password length is four-characters.

  • No restriction on the characters that are used to make up passwords.

  • Passwords never expire.

  • No limit to the number of attempts to log on.

  • Last used username is displayed at the next logon.

  • No password history (although a new password cannot be the same as the current password).

Note: Although a security policy is part of the security file, it is not replicated even if you choose to replicate the security file. Enabling each site that is involved in iBase Database Replication to maintain their own security policy. However, the password history is replicated as it is possible that users might need to log on and change their account details at any of the sites.

Procedure

To view a security policy or change its settings:

  1. In iBase Designer, Select Security > Security Manager > Security Policy.

  2. Enter the requirements for new iBase passwords.

    • Minimum password length

      Enforce a minimum number of characters for the password, 1 - 20 characters.

    • Minimum password age

      Prevent the user from changing their password for a specified number of days.

      Note: This restriction can be overridden by turning on Reset password at next logon.

    • Maximum password age

      Force the user to change their password after a specified number of days has passed. By default, passwords never expire.

    • Show password expiry reminder

      Remind the user to change their password for a specified number of days before the expiry date.

    • Enforce password history

      Prevent the user from changing their password back to one used previously. The new password is compared to all previous passwords. Set the passwords remembered option to limit the number of passwords that are used in validating the new password.

    • Lock out user after

      Control the number of times the user can enter an incorrect password before their account is disabled.

      Note: You can unlock the account in the User settings by turning on Account is active.

    • Reset account lock-out after

      Automatically unlock an account that has been disabled as a result of too many failed logon attempts.

      Note: Administrative accounts are automatically reset after thirty minutes.

    • Enforce complex passwords

      Force the user to select a password of a suitable complexity.

    • Hide last username when logging on

      Hide the name of the last user to use iBase. By default, last used username is displayed at the next logon.

    • Enforce SQL Server certificate validation for connections

      This option is unchecked by default, and iBase connects without completing certificate validation. Check this option to enforce SQL Server certificate validation for users logging into iBase.

      Note: If you use this option you must configure the certificates on the SQL Server in order to connect to your SQL Server databases.

    Note: The changes that you make do not affect existing passwords unless you require users to change their passwords when they next log-on.

  3. Click Apply to save your changes. The changes come into effect when you log off.

  4. If you are editing an existing policy, and change the password settings, select whether you want to force users to change their password when they next log-on.