Oracle 11g - Authentication Attempts Restriction Oracle tool

by / 2009-2010 / Published in Oracle DBA Tips

oracle security

For restricting fail login attempts, Oracle provides profile setting parameter called failed_login_attempt. After enabling this profile parameter we can restrict user level failed login connection try. This is set for user level. Means if you set failed_login_attempt using profile then it is attached with only user level and after such login trial failure, the respective user account will be locked.

But hacker is smarter than admin, hacker can establish connection without any user connection and execute the loop for guessing username and password. Once server process started, server process is checking given username and password in to database and providing reply. Means if hacker is executing loop with guessing password less than failed_login_attempts profile setting then hacker can get success to trace password without affect on database.


In Oracle 11g new feature was introduced called SEC_MAX_FAILED_LOGIN_ATTEMPTS parameter. You can set this parameter in your parameter file. If Oracle find out more than trial connections or attempts then drop said connection.

Default value is 10 for SEC_MAX_FAILED_LOGIN_ATTEMPTS. But you can modify it and set as per your own value. If failure login attempt is increasing more than secure failed login parameter then Oracle server process will drop such connection. Using this secure maximum failure login parameter you can prevent such hacker or intruder attack activity for password guessing.


Oracle DBA Interview Questions

Profile setting of malfunction access and parameter setting of secure maximum failure login attempt both are different things. Profile is restricting user level access control and parameter SEC_MAX_FAILED_LOGIN_ATTEMPTS is restricting whole database level control. Profile setup of failed_login_attempt restricts number of attempts for single user level failure password access. SEC_MAX_FAILED_LOGIN_ATTEMPTS restricts connection level failure access of whole database, it is affective number of connection failure for various user level. If failure attempting is increasing of profile of failed_login_attempts then user account will be locked. If failure attempting is increasing of parameter SEC_MAX_FAILED_LOGIN_ATTEMPTS, then connection is dropped by server process in Oracle database.

Strong and positive factor of SEC_MAX_FAILED_LOGIN_ATTEMPTS parameter doesn't harmful any trustful user activity in database which are not affect any valid user connection.

In short, excellent security feature was introduced in Oracle 11g that we can prevent malicious attack activities from database side and able to protect database from intruder. This is very useful & important security parameter setting for remote dba services and remote dba support.

Indeed Oracle 11g becomes more secure.There are more excellent new security features introduced in Oracle 11g database.

Exclusive and professional Database services offered by Dbametrix with strong response time and high availability for important and critical Oracle databases. Expert remote dba team of Dbametrix is having wide experience to manage large and critical database with quick problem resolution.

Dbametrix is world wide leader in remote dba support. Expert remote DBA team of Dbametrix is offering high quality professional Oracle DBA support with strong response time to fulfill your SLA. Contact our sales department for more information.