| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: Looking for suggestions...
Mary,
It seems to me that resetting the ACCTLOCK field to 0 is un-necessary unless another access is requested via this account.
Therefore, instead of scheduling a job to run via dbms_job wouldn't it be simpler to have the application check the LASUPDDTTM against current time on logon and if > 30 minutes then it doesn't really matter what value is in ACCTLOCK!! If it is 1 then set it to 0 if valid credentials are passed, otherwise leave the value at 1 (after another 4 attempts!) and update LASTUPDDTTM. If < 30 minutes and ACCTLOCK = 1 then disconnect immediately. If < 30 minutes and ACCTLOCK = 0 then no problem!
This assumes you have access to change this logic in the code which I assume you have given that you have already implemented the lock-out.
Cheers,
Graeme.
-----Original Message-----
From: Michael Twaddell [mailto:twaddell_at_raytheon.com]
Sent: Saturday, 12 June 2004 12:15 AM
To: oracle-l_at_freelists.org
Subject: Re: Looking for suggestions...
Mary,
Unless I'm misunderstanding something, I think you should be able to do this via dbms_job. When the user has made his 5th unsuccessful attempt to login, and as a result you set ACCTLOCK = 1 for that user, at the same time you could also submit a dbms_job that will kick off in 30 minutes (i.e. SYSDATE + 30/1440) and execute a procedure to set ACCTLOCK = 0 for that user.
Michael T.
Mary Benson wrote:
> We got the following request from our HR technical team. Has anyone
> done anything similar or have any reccomendations?
>
> REQUEST:
> "As part of the security review of the Self Service application, we need
> to institute an account lock-out after 5 unsuccessful attempts when
> requesting a new password. Additionally, the requirement calls for us
> to reset the lock-out after 30 minutes. We can set the lock-out, but we
> have no way to reset the lock-out after 30 minutes through the
> application, but thought there could be a way to do this at the Oracle
> level, like a database agent.
>
> To do this, the agent would need to run against the PSOPRDEFN table, and
> check the value of LASTUPDDTTM (date/time stamp). If 30 minutes have
> elapsed and the value of ACCTLOCK = 1, then reset the ACCTLOCK to 0."
>
> Thanks.
> Mary Benson
> Database Admin.
> Tufts University
>
> ----------------------------------------------------------------
> Please see the official ORACLE-L FAQ: http://www.orafaq.com
> ----------------------------------------------------------------
> To unsubscribe send email to: oracle-l-request_at_freelists.org
> put 'unsubscribe' in the subject line.
> --
> Archives are at http://www.freelists.org/archives/oracle-l/
> FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html
> -----------------------------------------------------------------
>
-- Archives are at http://www.freelists.org/archives/oracle-l/ FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html ----------------------------------------------------------------- -- This transmission is for the intended addressee only and is confidential information. If you have received this transmission in error, please notify the sender and delete the transmission. The contents of this e-mail are the opinion of the writer only and are not endorsed by the Mincom Limited unless expressly stated otherwise. ---------------------------------------------------------------- Please see the official ORACLE-L FAQ: http://www.orafaq.com ---------------------------------------------------------------- To unsubscribe send email to: oracle-l-request_at_freelists.org put 'unsubscribe' in the subject line. -- Archives are at http://www.freelists.org/archives/oracle-l/ FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html -----------------------------------------------------------------Received on Fri Jun 11 2004 - 09:25:50 CDT
 |
 |