Profiles are used to limit resources and implement password policies. Oracle implements password checking by defining a function to the database at login time. The default function provided by Oracle is implemented in a file call utlpwdmg.sql. This file exists in the doc share for your inspection.
Profiles can be defined to limit resource usage.
What happens to a user's session when a resource limit is exceeded and how does it affect the database?