8 Comments

  1. 11/13/2008

    I actually prefer setting the password to impossible values and *not* locking the account.

    If you lock an account, then the error “Account is locked” reveals information to a hacker (ie, that the account exists). If the account is open with an impossible password, then that information is not revealed.

    Cheers
    Connor

  2. 11/13/2008

    Thanks Connor, that’s a good suggestion.

    The less info revealed, the better. Totally agree.

  3. chen ruiqing
    11/26/2008

    there is an built-in user call “ANONYMOUS” is in the way.

  4. 11/26/2008

    Chen can you elaborate, I am not certain what you are trying to say with this remark about the anonymous account.

  5. chen ruiqing
    11/27/2008

    just notice that oracle treat user “ANONYMOUS” an impossible password, the same idea as yours.
    it is great your idea.

  6. chen ruiqing
    11/27/2008

    Great minds think alike!

  7. 3/7/2009

    this is very coo. thanks for sharing with us. it was a nice reading after 5 pints on my way back home on a typical london night:)

Comments are closed.