Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: Where are FAILED_LOGIN_ATTEMPTS recorded?

From: Jim Smith <usenet01_at_ponder-stibbons.com>
Date: Wed, 17 Oct 2007 07:30:59 +0100
Message-ID: <dQFCYWdjwaFHFwsf@jimsmith.demon.co.uk>


In message <1192550482.227729.88850_at_t8g2000prg.googlegroups.com>, "fitzjarrell_at_cox.net" <fitzjarrell_at_cox.net> writes
>Comments embedded.
>On Oct 16, 10:04 am, "deebe..._at_gmail.com" <deebe..._at_gmail.com> wrote:
>> Hi,
>>
>> Using 10gR2 - trying to find out where FAILED_LOGIN_ATTEMPTS are
>> recorded.
>
>I doubt you'll find it anywhere.
>
>> FAILED_LOGIN_ATTEMPTS is currently set to 10 as per the Default
>> profile.
>>
>> There is no auditing in place but failed logins for users must be
>> recorded somewhere (ie internal table) for the profile to work.
>
>Why? Consider this:
>
>SQL>
>SQL> set serveroutput on size 1000000
>SQL>
>SQL> declare
> 2 login_trys number;
> 3 cursor get_failed_login_lim is
> 4 select limit
> 5 from dba_profiles
> 6 where resource_name = 'FAILED_LOGIN_ATTEMPTS'
> 7 and limit <> 'UNLIMITED';
> 8 begin
> 9 open get_failed_login_lim;
> 10 fetch get_failed_login_lim into login_trys;
> 11 close get_failed_login_lim;
> 12
> 13 for tries in 1..6 loop
> 14 if tries > login_trys then
> 15 dbms_output.put_line('BZZZZZZT!!!! Account locked!!!');
> 16 else
> 17 dbms_output.put_line('Keep trying ...');
> 18 end if;
> 19 end loop;
> 20 end;
> 21 /
>Keep trying ...
>Keep trying ...
>Keep trying ...
>Keep trying ...
>Keep trying ...
>BZZZZZZT!!!! Account locked!!!
>
>PL/SQL procedure successfully completed.
>
>SQL>
>
>The code processing the login attempts can 'store' the failed tries in
>memory and still function as required. The only static value in this
>process is the setting for FAILED_LOGIN_ATTEMPTS, so that's all that
>needs to be stored in the database.
>

This would fail across database restart. I've not really tested, but I would expect a failed login lock to work for N consecutive failures across a longer period, including after database restart.

-- 
Jim Smith
Ponder Stibbons Limited <http://oracleandting.blogspot.com/>
RSS <http://oracleandting.blogspot.com/atom.xml>
Received on Wed Oct 17 2007 - 01:30:59 CDT
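
An added example, not part of the original thread or either poster's code: a dictionary query a DBA could run to see whether a per-account failure count survives between sessions. It assumes the running count is the LCOUNT column of the SYS.USER$ base table, which the thread does not confirm, and that the session is allowed to read that table.

```sql
-- Added example: per-account failed-login counter next to the profile limit.
-- Assumption: the running counter is SYS.USER$.LCOUNT (data-dictionary base
-- table; run as SYS or as an account granted SELECT on it).
SELECT u.username,
       u.account_status,
       u.lock_date,
       b.lcount AS failed_logins,
       -- A profile limit of 'DEFAULT' defers to the DEFAULT profile's value.
       CASE p.limit WHEN 'DEFAULT' THEN d.limit ELSE p.limit END
         AS failed_login_limit
FROM   dba_users u
       JOIN sys.user$ b
         ON b.name = u.username
       JOIN dba_profiles p
         ON p.profile = u.profile
        AND p.resource_name = 'FAILED_LOGIN_ATTEMPTS'
       JOIN dba_profiles d
         ON d.profile = 'DEFAULT'
        AND d.resource_name = 'FAILED_LOGIN_ATTEMPTS'
WHERE  b.type# = 1      -- users only; type# 0 rows are roles
AND    b.lcount > 0     -- accounts with at least one recorded failure
ORDER  BY b.lcount DESC, u.username;
```

Running it before and after an instance restart shows directly whether the count is kept on disk or only in memory.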
