Call: +44 (0)7759 277220 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "More details on default failed_login_attempts"] [Next entry: "Amis has a good post on debugging client side SQL*Net"]

more failed_login_attempts!

I saw Laurent Schneider's post today titled "FAILED_LOGIN_ATTEMPTS part 2" about the failed_login_attempts profile parameter in 10g R2 being defaulted to 10 for all users in this new release. He was also kind enough to email me about this post and my second post yesterday about the same subject. Alex sent me a screen dump of his 10g R2 database where the user DBSNMP did not have the default profile and had instead a profile called MONITORING_PROFILE with a default value of UNLIMITED. As you can see in Laurent's pots his example has DBSMP in the default profile with a default value of 10 for the failed_login_attempts. I don't know why there is a difference at this point other than to say it must be because of a difference in the database creation, maybe Alex used a seed database. It is still interesting though.