Re: trigger to unsuccessfull login

Tanel Poder wrote:

> Hello!
>
> You could write your own password verify function for Oracle and set it to
> all (any) users with PASSWORD_VERIFY_FUNCTION profile option. You could keep
> a log in some table - using autonomous transactions.
>
> I haven't tried it, but it should work if there's no specific restrictions
> during logon.
>
> Tanel.
>
> "DA Morgan" <damorgan_at_exesolutions.com> wrote in message
> news:3E4CB6D4.D01A1E83_at_exesolutions.com...
> > Andris Jancevskis wrote:
> >
> > > Hi!
> > >
> > > How can I check usuccessfull login attempt?
> > > I can check time when user lon in with database triger, but it is
> > > _after_ event. Should I modify trigger SYS_LOGON ?
> > >
> > > I don't like to do this.
> > >
> > > cheers,
> > > Andris
> >
> > AFAIK unsuccessful attempts can not be trapped inside the database
> > unless the SYSTEM trigger AFTER SERVERERROR or something like it catches
> > them. I haven't really checked.
> >
> > I will be very interested in responses that may indicate a means of
> > doing so other than in the operating system.
> >
> > But the reason I have never cared much is that I always alter the
> > default profile to lock any account after three attempts at the
> > password. It really makes cracking painfully hard to do and impossible
> > for a program that tries different combinations. It only gets to try 3
> > every three days.
> >
> > Daniel Morgan
> >

AFAIK Password Veify Function will control the creation of passwords ... not failed attempts to logon or to hack a system.

Daniel Morgan Received on Fri Feb 14 2003 - 10:48:57 CST