1. November 13

    I actually prefer setting the password to impossible values and *not* locking the account.

    If you lock an account, then the error “Account is locked” reveals information to a hacker (ie, that the account exists). If the account is open with an impossible password, then that information is not revealed.


  2. November 13

    Thanks Connor, that’s a good suggestion.

    The less info revealed, the better. Totally agree.

  3. chen ruiqing
    November 26

    there is an built-in user call “ANONYMOUS” is in the way.

  4. November 26

    Chen can you elaborate, I am not certain what you are trying to say with this remark about the anonymous account.

  5. chen ruiqing
    November 27

    just notice that oracle treat user “ANONYMOUS” an impossible password, the same idea as yours.
    it is great your idea.

  6. chen ruiqing
    November 27

    Great minds think alike!

  7. March 7

    this is very coo. thanks for sharing with us. it was a nice reading after 5 pints on my way back home on a typical london night:)

Comments are closed.