User JDE and password changes


Reputable Poster
We are on E1 9.0, tools release

We are going to be modifying our password policy, basically increasing the required length from 4 to 8 and adding a special character and number requirement. Our question involves the system proxy user JDE. We plan on changing the password policy, then setting all users (except JDE) to Force Immediate Password Change so the users will have to change their password to comply with the new policy.

However, we want to leave JDE as it is. Is there any issue anyone would see with changing the policy but leaving JDE with its current password? The steps from Oracle to change the password for user JDE seem rather complex and represent a significant risk for downtime if we didn't do it properly. So we would just prefer to leave it.

Does anyone see an issue with this?


Legendary Poster
It seems like it will work.

However, you should be changing your reliance on JDE as a System user (Database User) - and instead create a better database user. That way, you can phase out the use and reliance of JDE and eventually disable the JDE account. JDE is a known user to the world, and it provides a major security vulnerability (something I've talked about many times including in my whitepaper on security from 12 years ago called "hacking OneWorld"). Customers should be able to disable the JDE user ID - and only need to enable it for upgrade/update time.