3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10'

Information

The SESSIONS_PER_USER setting determines the maximum number of user sessions that are allowed to be open concurrently. The suggested value for this is 10 or less.

Rationale:

Limiting the number of the SESSIONS_PER_USER can help prevent memory resource exhaustion by poorly formed requests or intentional denial-of-service attacks.

Solution

To remediate this setting, execute the following SQL statement for each PROFILE returned by the audit procedure.

ALTER PROFILE <profile_name> LIMIT SESSIONS_PER_USER 10;

See Also

https://workbench.cisecurity.org/benchmarks/13413