[AccessD] forced logout

Our Novell network login, for the county I work for, considers itself
"breeched", if a user enters an invalid password five times within a 30
minute time span. It is then turned off, until they call me and I unlock
it--I go into their account and uncheck the "Account  Locked" option, in
the "Intruder Lockout" section. 
 
I probably get an average of two or three calls each day to do
this--and this number spikes during certain periods. Most of it--I would
say 99 of 100 calls--is simply forgotten passwords of similar. And, a
great deal of this is police officers, which I find pretty amusing
because they are suppose to have keen observational skills, and you
would think this would carry over to remembering their passwords--what
good is it to notice things, if you cannot remember what you've
noticed?
 
John "just chimin' in" Clark
 
 
 

>>> accessd at shaw.ca 2/10/2004 11:56:22 PM >>>

Hi John:

The typical government login gives the users three tries and then will
not
allow the same username to be used for about twenty minutes...it use to
be
an hour but there were too many complains from legitimate users. (Some
users
have been known to attempt login before their first cup of coffee!)

Jim

-----Original Message-----
From: accessd-bounces at databaseadvisors.com 
[mailto:accessd-bounces at databaseadvisors.com]On Behalf Of John W.
Colby
Sent: Tuesday, February 10, 2004 2:02 PM
To: AccessD
Subject: [AccessD] forced logout


I am almost finished with a class and a table to allow me to force a
logout
of my users from  the db.  In fact it is all working now, the only
remaining
question is "when do I let them back in".

Is anyone else doing this?  What is your answer?  My tendency is "keep
logged out between ThisTime and ThatTime", i.e. add a second time field
to
the table that is the time to allow back in.

Anyone?

My current system uses:

usysTblShutdown:

SD_ID        - autonumber PK
SD_Name    - Shutdown name
SD_Time    - Time to shutdown
SD_Enabled    - THIS shutdown is enabled
SD_Warnings    - The number of warnings to display before forcing a
shutdown
SD_WarningTime    - the number of seconds between warnings

I have a form that my framework opens that initializes the framework,
and
shuts it back down if the form tries to close.  Thus enabling a clean
shutdown regardless of anything other than perhaps a power failure.

I then use the timer for this form to call a method in my class which
checks
whether to do the shutdown.  The class raises an event with every
warning to
the user in case your app needs warning that a shutdown is imminent. 
The
class also raises an event when it is finally time to actually do the
shutdown.

I will publish the whole in a demo database as soon as I handle the
issue of
when to allow them back in.  All opinions welcomed then summarily
dismissed.

;-)

John W. Colby
www.ColbyConsulting.com 


_______________________________________________
AccessD mailing list
AccessD at databaseadvisors.com 
http://databaseadvisors.com/mailman/listinfo/accessd 
Website: http://www.databaseadvisors.com 

_______________________________________________
AccessD mailing list
AccessD at databaseadvisors.com 
http://databaseadvisors.com/mailman/listinfo/accessd 
Website: http://www.databaseadvisors.com