1. 11/13/2008

    I actually prefer setting the password to impossible values and *not* locking the account.

    If you lock an account, then the error “Account is locked” reveals information to a hacker (ie, that the account exists). If the account is open with an impossible password, then that information is not revealed.


  2. 11/13/2008

    Thanks Connor, that’s a good suggestion.

    The less info revealed, the better. Totally agree.

  3. chen ruiqing

    there is an built-in user call “ANONYMOUS” is in the way.

  4. 11/26/2008

    Chen can you elaborate, I am not certain what you are trying to say with this remark about the anonymous account.

  5. chen ruiqing

    just notice that oracle treat user “ANONYMOUS” an impossible password, the same idea as yours.
    it is great your idea.

  6. chen ruiqing

    Great minds think alike!

  7. 3/7/2009

    this is very coo. thanks for sharing with us. it was a nice reading after 5 pints on my way back home on a typical london night:)

Comments are closed.