Thread starter: losingb

[Discussion] Urgent! How can brute-force attacks against Oracle on Linux be prevented? Are there any good methods or protective measures?

11#
Posted on 2013-8-21 00:21
> still can't understand SEC_MAX_FAILED_LOGIN_ATTEMPTS how to "drop connections after the specified number of authentication attempts fail"

I have a feeling that we have to write a sophisticated program, maybe an OCI client program, to test this. The program would initiate a connection so the server side process is started and a TCP connection is established. The program sends a username and a wrong password. The server process rejects the logon but stays running because the client doesn't tell it to exit. The program tries another time with a wrong password, another time, another time, ... never telling the server process to exit. With SEC_MAX_FAILED_LOGIN_ATTEMPTS set, I imagine the server process will exit even if the client never tells it to. The problem with trying to simulate with Sqlplus is that I think Sqlplus quietly requests the server process to exit after a failed logon. The OCI program we write should avoid doing that.

BTW, any such test should make sure your profile has failed_login_attempts set to unlimited to avoid its irrelevant interference.

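The following is an added example, not part of the post above and not Oracle code: a toy Python model of the behaviour the post hypothesises, contrasting a client that ends the session after every failed logon with one that keeps retrying on the same connection. Only the two setting names come from the thread; the classes, the function and the sample account are hypothetical.

```python
# Toy model (not Oracle code): per-connection vs per-account failed-logon limits.
from dataclasses import dataclass, field

UNLIMITED = None

@dataclass
class Database:
    passwords: dict                      # constructed sample accounts
    sec_max_failed_login_attempts: int   # per-connection limit (init parameter)
    failed_login_attempts: object = UNLIMITED  # per-account profile limit
    failures: dict = field(default_factory=dict)
    locked: set = field(default_factory=set)

    def connect(self):
        return ServerProcess(self)

class ServerProcess:
    """One dedicated server process serving one client connection."""
    def __init__(self, db):
        self.db, self.failed, self.alive = db, 0, True

    def logon(self, user, password):
        if not self.alive:
            raise ConnectionError("connection dropped by server process")
        db = self.db
        if user not in db.locked and db.passwords.get(user) == password:
            return True
        self.failed += 1
        db.failures[user] = db.failures.get(user, 0) + 1
        limit = db.failed_login_attempts
        if limit is not UNLIMITED and db.failures[user] >= limit:
            db.locked.add(user)          # account lock: the interference the post warns about
        if self.failed >= db.sec_max_failed_login_attempts:
            self.alive = False           # server process exits without being asked
        return False

def attempts_until_drop(db, user, guesses, reconnect_each_time):
    """Return the attempt number at which the server dropped the connection, or None."""
    conn = db.connect()
    for n, guess in enumerate(guesses, 1):
        if reconnect_each_time:          # client ends the session after each failure
            conn = db.connect()
        conn.logon(user, guess)
        if not conn.alive:
            return n
    return None
```

In this model a reconnecting client never reaches the per-connection limit, and a finite profile limit locks the account before the connection drop can be observed in isolation.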