You can specify that when an incorrect password is entered a specified number of times in succession, that user is to be prohibited from connecting (CONNECT) to HiRDB. You make this specification by setting a maximum number of consecutive connection failures (permitted number of consecutive certification failures). Any user who exceeds this number of unsuccessful password entry attempts will be barred from connecting to HiRDB.

For example, if you specify 3 for the permitted number of consecutive certification failures, any user's fourth consecutive failed attempt to gain user certification will place that user in consecutive certification failure account lock state Users placed in this status can no longer connect (CONNECT) to HiRDB.

Reference note

You cannot set restrictions on the number of consecutive certification failures for individual users. The settings you specify here apply to all users of HiRDB (including DBA privilege holders and auditors).

You can also set a time period during which an account will be kept in consecutive certification failure account lock state (account lock period). For example, if you set the account lock period at 1 hour, a consecutive certification failure account lock state will remain in effect for one hour. After one hour, the consecutive certification failure account lock state will be released and the user will be permitted once again to connect to HiRDB.

Reference note

• You can also set the account lock period to be indefinite (permanent).
• You can release an account from consecutive certification failure account lock state before the account lock period has expired.

You use CREATE CONNECTION SECURITY to set restrictions on the number of consecutive certification failures.