Your database initialization parameter file has the following entry: SEC_MAX_FAILED_LOGIN_ATTEMPTS=3


Which statement is true regarding this setting?  


 A. It drops the connection after the specified number of login attempts fail for any user. 

 B. It is enforced only if the password profile is enabled for the user.

 C. It locks the user account after the specified number of attempts. 

 D. It drops the connection after the specified number of login attempts fail only for users who have the SYSDBA privilege.


【11g新特性】sec_max_failed_login_attempts (默认为10,范围为1到unlimited)这个参数以11g 新特性形式引入, 文档对它的描述是

SEC_MAX_FAILED_LOGIN_ATTEMPTS specifies the number of authentication attempts that can be made by a client on a connection to the server process. After the specified number of failure attempts, the connection will be automatically dropped by the server process.

 

但是有同学怎么测试都无法生效, 实际该参数只对使用了OCI 的特定程序生效,而使用SQLPLUS是无法生效的, 坑爹的新特性:

 

SEC_MAX_FAILED_LOGIN_ATTEMPTS only works application uses OCI Program.SEC_MAX_FAILED_LOGIN_ATTEMPTS not work in sqlplus.

OCI Program have the following ,it wil work.

1.You need to use OCI_THREADED mode.

2.You need to set the attribute ofserver, username, password attributes in the appropriate handles:

3.You need to useOCISessionBegin to connect to the database