Reputation: 138
Oracle locking users when they use the same password
we have oracle set up to lock a user after 3 failed login attempts. however, when we change a password, we have some systems that will continue to use the old password for a few seconds. This is causing these accounts to get locked.
The purpose of locking an account is to prevent people from brute forcing a password.. but if systems just try the same password over and over, that's not really the point of locking the account. is there any way to allow the same password to be tried repetitively, but lock the account after 3 different passwords are tried?
Upvotes: 2
Views: 279
Answers (1)
Reputation: 35401
I don't believe there's any simple syntax for this.
Looking here you can probably develop a DDL trigger fired after an ALTER USER command that determines, from expiry_date on DBA_USERS, whether the password has just been changed. In that situation, it can change the profile to a less restrictive FAILED_LOGIN_ATTEMPTS. Then you'd have a batch job that picks up accounts with that profile after an hour or two, and sets it back to the standard profile.
Upvotes: 2
Related Questions
- How to lock accounts after 3 times of invalid login in Oracle Apex?
- Why alter user lock, still can query?
- Oracle 12c UNLOCK ALL LOCKED users in one shot
- How to lock user account after multiple attempted and password must not be plain text in Oracle Apex?
- Require old password when setting a new password to a specific user in Oracle
- ORACLE Managing Locked Accounts
- Oracle 11g login error- says account locked
- APEX locked user is still able to login
- How can user_tables get locked on Oracle?
- May SYS be locked in Oracle?