Creating a security policy

A security policy sets restrictions on the user accounts that are set up to access iBase. The security policy specifies rules for adding and changing passwords that apply only to user accounts with iBase usernames and passwords.

About this task

New security files do not have a security policy because by default none of the settings on the Security Policy page of the Security Manager are turned on.

The absence of a security policy means that:
  • Minimum password length is four-characters.
  • No restriction on the characters that are used to make up passwords.
  • Passwords never expire.
  • No limit to the number of attempts to log on.
  • Last used username is displayed at the next logon.
  • No password history (although a new password cannot be the same as the current password).
Note: Although a security policy is part of the security file, it is not replicated even if you choose to replicate the security file. Enabling each site that is involved in iBase Database Replication to maintain their own security policy. However, the password history is replicated as it is possible that users might need to log on and change their account details at any of the sites.

Procedure

To view a security policy or change its settings:
  1. In iBase Designer, Select Security > Security Manager > Security Policy.
  2. Enter the requirements for new iBase passwords.
    OptionUse this option to
    Minimum password length Enforce a minimum number of characters for the password, 1 - 20 characters.
    Minimum password age Prevent the user from changing their password for a specified number of days.
    Note: This restriction can be overridden by turning on Reset password at next logon.
    Maximum password age Force the user to change their password after a specified number of days has passed. By default, passwords never expire.
    Show password expiry reminder Remind the user to change their password for a specified number of days before the expiry date.
    Enforce password history Prevent the user from changing their password back to one used previously. The new password is compared to all previous passwords. Set the passwords remembered option to limit the number of passwords that are used in validating the new password.
    Lock out user after Control the number of times the user can enter an incorrect password before their account is disabled.
    Note: You can unlock the account in the User settings by turning on Account is active.
    Reset account lock-out after Automatically unlock an account that has been disabled as a result of too many failed logon attempts.
    Note: Administrative accounts are automatically reset after thirty minutes.
    Enforce complex passwords Force the user to select a password of a suitable complexity.
    Hide last username when logging on Hide the name of the last user to use iBase. By default, last used username is displayed at the next logon.
    Enforce FIPS compliance The Federal Information Processing Standards (FIPS) are standards that are specified by the United States Government for approving cryptographic software. If you are working in environments that enforce FIPS compliance, you must ensure that your passwords are encrypted using logic that matches this standard.
    Note: FIPS compliance prevents iBase from using advanced and more efficient cryptography algorithms. However, if your windows policy is FIPS enabled, you must select this option before creating your database.
    Note: The changes that you make do not affect existing passwords unless you require users to change their passwords when they next log-on.
  3. Click Apply to save your changes. The changes come into effect when you log off.
  4. If you are editing an existing policy, and change the password settings, select whether you want to force users to change their password when they next log-on.