Re: Auditing of FAILED_LOGIN_ATTEMPTS value on Oracle profiles

From: Don Seiler <>
Date: Fri, 6 Dec 2013 10:19:42 -0600
Message-ID: <>

I'd start by getting a large cricket bat or wooden paddle and let IT know the consequences of using the wrong DB.

On Fri, Dec 6, 2013 at 9:07 AM, Rich Jesse <> wrote:

> Hey all,
> I'm expecting to get dinged on an audit because I have
> set to 10 in a profile (, if that matters). On our new DBs, I plan
> on changing that to UNLIMITED. The initial feedback from the auditors is
> that "the recommended is 3 to 5".
> I reasoned that instead of a malicious attempt to break into our ERP DB,
> it's much more likely that someone (in IT) will accidentally choose our
> Production ERP DB when they meant to choose Development (which has a
> different password), causing login failures which could lock out the
> account, effectively causing a denial of service. This has already
> happened, but with a non-existent user, so no harm done.
> I have EM12c paging me for EVERY login failure in Production, since there
> are no user logins other than for the DBA (me).
> What do others do? Take the audit hit and just move on?
> TIA!
> Rich
> --

Don Seiler

Received on Fri Dec 06 2013 - 17:19:42 CET
