| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> Re: Looking for suggestions...
You could do it the way they asked, but here's a simpler way to consider.
Why not just add the "unlock" logic to the login screen and change password screens?
"If the user is trying to log in and their account is locked, but the lock was done more than 30 minutes ago, unlock the account and continue with the login process."
Same results to the user, and much simpler!
-----Original Message-----
From: Mary Benson <mary.benson_at_tufts.edu>
Sent: Jun 11, 2004 9:16 AM
To: Oracle-L_at_freelists.org
Subject: Looking for suggestions...
We got the following request from our HR technical team. Has anyone done anything similar or have any reccomendations?
REQUEST:
"As part of the security review of the Self Service application, we need
to institute an account lock-out after 5 unsuccessful attempts when
requesting a new password. Additionally, the requirement calls for us
to reset the lock-out after 30 minutes. We can set the lock-out, but we
have no way to reset the lock-out after 30 minutes through the
application, but thought there could be a way to do this at the Oracle
level, like a database agent.
To do this, the agent would need to run against the PSOPRDEFN table, and check the value of LASTUPDDTTM (date/time stamp). If 30 minutes have elapsed and the value of ACCTLOCK = 1, then reset the ACCTLOCK to 0."
Thanks.
Mary Benson
Database Admin.
Tufts University
 |
 |