I don't think the x failed attempts lock will do anything. Because in this case they are not brute forcing it by trying to log in. It assumes you have access to the one-way encrypted(hashed) passwords and brute force on that. Just like you got hold of the /etc/shadow file on Unix and run cracker jack to brute force attack it. So you do need to get hold of the file first which could be a tricky part.
-----Original Message----- Sent: Tuesday, December 17, 2002 2:16 PM To: Multiple recipients of list ORACLE-L it's definitely a one-way encryption on the password, I forget where I read it but I do know that's true. I think that in addition to a strong password, if you lock an account after x failed attempts then they'd have to be REALLY lucky to guess it on the first few tries. Rachel --- John Kanagaraj <[EMAIL PROTECTED]> wrote: > Jared, > > This seems to be a 'brute force' dictionary based attack, as I > believe the > Oracle password is a one-way trapdoor (just as UNIX). I don't think > this > will be able to crack a strong password created from say a > combination of > the first characters of an arbitrary sentence. > > John Kanagaraj > Oracle Applications DBA > DBSoft Inc > (W): 408-970-7002 > > So WHO is the Reason for the Season?! Write me for details! > > ** The opinions and statements above are entirely my own and not > those of my > employer or clients ** > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, December 17, 2002 9:09 AM > > To: Multiple recipients of list ORACLE-L > > Subject: RE: password > > > > > > Hmm... > > > > Well maybe you *can* crack oracle passwords. > > > > I've just ordered the full version of this product. ( $4, I don't > > think I need to bother the purchasing department ). > > > > I'll let you know how it works. > > > > Jared > > > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.com > -- > Author: John Kanagaraj > INET: [EMAIL PROTECTED] > > Fat City Network Services -- 858-538-5051 http://www.fatcity.com > San Diego, California -- Mailing list and web hosting services > --------------------------------------------------------------------- > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). > __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Rachel Carmichael INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Richard Ji INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
