Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: determine value of password_lock_time
Terry Dykstra wrote:
> But an enduser has no access to dba_ views. user_users does not show the
> profile as dba_users does.
> Should I make a function that can read the dba_ views and then grant execute
> privileges on that function to the users?
>
Personally I would never tell someone that was locked out how long they were locked out. To do so is a security violation. It just gives a cracker one more piece of information that they don't require.
The only message someone should get is something like this:
"Your failed attempt to connect have been logged and reported to database security staff."
Then have the procedure use UTL_SMTP send an email message to the appropriate department manager or DBA. And I'd never reset the password without a long talk on a short subject.
-- Daniel Morgan http://www.outreach.washington.edu/ext/certificates/oad/oad_crs.asp http://www.outreach.washington.edu/ext/certificates/aoa/aoa_crs.asp damorgan_at_x.washington.edu (replace 'x' with a 'u' to reply)Received on Fri Nov 21 2003 - 15:42:03 CST