Re: FAILED_LOGIN_ATTEMPTS issue
Date: Thu, 11 Dec 2008 09:04:30 -0800
On Thu, Dec 11, 2008 at 5:55 AM, Remigiusz Sokolowski <remigiusz.sokolowski_at_nordea.com> wrote:
> I wonder how do You deal with FAILED_LOGIN_ATTEMPTS issue in a day to
> day practice.
> This part of profile is thought of as a countermeasure against "brute
> force" attacks on password, however dark side of it is a blocking an
You can use a profile to limit the number of attempts that may be made against a single account.
The failed_login_attempts parameter can be used to lock the account after N consecutive failed login attempts.
The password_lock_time parameter can be used to lock the account for N days after the failed login attempts threshold is reached, where N can be a fraction of a day.
E.g., a value of 0.0104 would lock the account for approximately 15 minutes.
> The "ideal" solution to this issue would be to allow a client identified
> by IP to connect with for example only its own account or few chosen
> Any thoughts?
If the connections are made through an application server, using
to specify which clients may connect may be feasible.
If there's a large number of clients that connect directly to the database,
would probably be rather unwieldy.
There are probably other options available if you check into the Advanced Security Option. Personally, I have no experience with that.
Certifiable Oracle DBA and Part Time Perl Evangelist
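
The profile settings described in the reply above, as an added example that is not part of the original message. The profile name `app_lockout` and account `app_user` are hypothetical, and the audit query assumes traditional auditing is enabled (`AUDIT_TRAIL=DB`) so that failed logins show which client host is triggering the lockouts.

```sql
-- Hypothetical profile: lock after 5 consecutive failed logins, for 15 minutes.
-- PASSWORD_LOCK_TIME is expressed in days; 15/1440 is roughly 0.0104.
CREATE PROFILE app_lockout LIMIT
  FAILED_LOGIN_ATTEMPTS 5
  PASSWORD_LOCK_TIME    15/1440;

-- Hypothetical account assigned to the profile.
ALTER USER app_user PROFILE app_lockout;

-- Confirm the limits actually in force for the profile.
SELECT profile, resource_name, limit
FROM   dba_profiles
WHERE  profile = 'APP_LOCKOUT'
AND    resource_name IN ('FAILED_LOGIN_ATTEMPTS', 'PASSWORD_LOCK_TIME');

-- Accounts currently under a timed lock, most recent first.
SELECT username, account_status, lock_date, profile
FROM   dba_users
WHERE  account_status LIKE '%LOCKED(TIMED)%'
ORDER  BY lock_date DESC;

-- Assumption: AUDIT_TRAIL=DB. Record unsuccessful connection attempts.
AUDIT SESSION WHENEVER NOT SUCCESSFUL;

-- Failed logins in the last day, grouped by target account and client host.
-- 1017 = invalid username/password, 28000 = account is locked.
SELECT username,
       userhost,
       os_username,
       COUNT(*)       AS failures,
       MAX(timestamp) AS last_failure
FROM   dba_audit_session
WHERE  returncode IN (1017, 28000)
AND    timestamp > SYSDATE - 1
GROUP  BY username, userhost, os_username
ORDER  BY failures DESC;

-- Release a legitimate account before the lock time expires.
ALTER USER app_user ACCOUNT UNLOCK;
```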