Home » RDBMS Server » Security » Modifying User Profile to lock him after 3 attempts
Modifying User Profile to lock him after 3 attempts [message #17868] Wed, 02 February 2005 23:29 Go to next message
Godwin
Messages: 37
Registered: January 2002
Member
How do i modify users profile through sql to lock them after 3 attemps and how do unlock them.
Please demonstrate with code.
thanks.
Re: Modifying User Profile to lock him after 3 attempts [message #17873 is a reply to message #17868] Thu, 03 February 2005 01:24 Go to previous messageGo to next message
Maaher
Messages: 7065
Registered: December 2001
Senior Member
From the Oracle9i Database Administrator's Guide
Release 2 (9.2)

----------------------------------------------------------------------

Account Locking

When a particular user exceeds a designated number of
failed login attempts, the server automatically locks that user's
account. You specify the permissible number of failed login attempts
using the CREATE PROFILE statement. You can also specify the amount of time accounts remain locked.

In the following example, the maximum number of failed login attempts for the user ashwini
is four, and the amount of time the account will remain locked is 30
days. The account will unlock automatically after the passage of 30
days.

CREATE PROFILE prof LIMIT
    FAILED_LOGIN_ATTEMPTS 4
    PASSWORD_LOCK_TIME 30;
ALTER USER ashwini PROFILE prof;


If you do not specify a time interval for unlocking the account, PASSWORD_LOCK_TIME
assumes the value specified in a default profile. If you specify PASSWORD_LOCK_TIME as UNLIMITED,
the account must be explicitly unlocked using an ALTER USER statement. For example,
assuming that PASSWORD_LOCK_TIME UNLIMITED is specified for ashwini, then
the following statement must be used to unlock the account:

ALTER USER ashwini ACCOUNT UNLOCK;


After a user successfully logs into an account, that user's unsuccessful login attempt count, if there is one, is reset to 0.

----------------------------------------------------------------------
MHE
Re: Modifying User Profile to lock him after 3 attempts [message #17875 is a reply to message #17873] Thu, 03 February 2005 02:59 Go to previous messageGo to next message
Godwin
Messages: 37
Registered: January 2002
Member
It worked perfectly.
One more thing:
I was able to create users and alter their passwords through forms 6i. Am trying to use the same idea to unlock users account through forms 6i but it did not work. What is it that am not doing rightly:
this is my example:

DECLARE
al_id Alert;
c_alert NUMBER;
sql_str varchar2(200);
BEGIN

sql_str :='ALTER USER '|| :user_name ||'ACCOUNT UNLOCK ';
FORMS_DDL(sql_str);
--message('Password Successfully Changed');
c_alert := SHOW_ALERT('CONFIRM');
--go_block('one');
clear_block(no_validate);
end;
Re: Modifying User Profile to lock him after 3 attempts [message #17876 is a reply to message #17875] Thu, 03 February 2005 03:25 Go to previous messageGo to next message
Maaher
Messages: 7065
Registered: December 2001
Senior Member
It seems you're missing a blank in your statement:
sql_str :='ALTER USER '|| :user_name ||'ACCOUNT UNLOCK ';
                                       |
                                       ---- blank missing between single quote and ACCOUNT
MHE
Re: Modifying User Profile to lock him after 3 attempts [message #17878 is a reply to message #17876] Thu, 03 February 2005 04:46 Go to previous messageGo to next message
Godwin
Messages: 37
Registered: January 2002
Member
It worked. Thank you for the support.
Maaher pls check out this for me.
In forms 6i i have some of my data fields mandatory which does not allow users to continue to the next field until data is entered. How do i overcome this constraint without changing the field mandatory property to NO. What i realise is that the moment the user runs the form and the cursor enter into the first field the user cant even exit from the form if he so wish. Cant i write code under WHEN-BUTTON-PRESSED trigger to exit the form and therefore overcome that constraint?
Re: Modifying User Profile to lock him after 3 attempts [message #17884 is a reply to message #17878] Thu, 03 February 2005 06:17 Go to previous messageGo to next message
Bill B
Messages: 1971
Registered: December 2004
Senior Member
Make the mandatory field to NO, and then check to make sure that the field was set using the record validation tribber. This will allow the user to go to whatever field that they want and you can decide if the record sould be thrown out when the record is validated.
Bill's right! [message #17894 is a reply to message #17884] Thu, 03 February 2005 11:04 Go to previous messageGo to next message
Maaher
Messages: 7065
Registered: December 2001
Senior Member
Create a WHEN-VALIDATE-RECORD trigger in which you check for the mandatory fields.

MHE
Re: Bill's right! [message #17901 is a reply to message #17894] Thu, 03 February 2005 12:44 Go to previous message
simi
Messages: 23
Registered: August 2002
Junior Member
Its better to write validation(mandatory check) in When-Validate-Item trigger rather than When-validate-trigger.
Previous Topic: How to operate a user's password and change it back
Next Topic: Application security
Goto Forum:
  


Current Time: Thu Mar 28 06:13:39 CDT 2024