一、帐号失败登录记录
当用户输入错误的密码失败登录的次数超过限定后,Oracle会自动将该帐号锁住。在dba_profiles中,FAILED_LOGIN_ATTEMPTS参数会记录口令失败尝试次数。
SYS@MTH> select * from dba_profiles where resource_name='FAILED_LOGIN_ATTEMPTS';
PROFILE RESOURCE_NAME RESOURCE LIMIT
------------------------------ ----------------------------------------- --------------- ----------------------------------------
DEFAULT FAILED_LOGIN_ATTEMPTS PASSWORD 10
可以通过以下的命令将失败次数修改为无限制:
SYS@MTH> alter profile default limit FAILED_LOGIN_ATTEMPTS unlimited;
Profile altered.
修改失败登录尝试次数:
SYS@MTH> alter profile default limit FAILED_LOGIN_ATTEMPTS 20;
Profile altered.
SYS@MTH> select * from dba_profiles where resource_name='FAILED_LOGIN_ATTEMPTS';
PROFILE RESOURCE_NAME RESOURCE LIMIT
------------------------------ --------------------------------------- -------------- ----------------------------------------
DEFAULT FAILED_LOGIN_ATTEMPTS PASSWORD 20
可以通过以下语句查看哪个帐号,在哪台server,已经失败登录过多少次:
SYS@MTH> select username,os_username,userhost,client_id,trunc(timestamp),count(*) failed_logins
2 from dba_audit_trail
3 where returncode=1017 and timestamp >sysdate -1
4 group by username,os_username,userhost,client_id,trunc(timestamp);
USERNAME OS_USERNAME USERHOST CLIENT_ID TRUNC(TIMESTAMP) FAILED_LOGINS
------------------------------ ------------------------------ ------------------------------ ---------------- ------------------------- -------------
MTH oracle C01TEST03 23-MAY-17 3
MTH oracle C01TEST03 22-MAY-17 1
二、口令是否区分大小写
Oracle 11g之前,帐号的密码是不区分大小写的,11g之后,口令开始区分大小写。
下面进行测试:
SYS@MTH> show parameter sec_case_sensitive_logon
NAME TYPE VALUE
------------------------------------ -------------------------------- ------------------------------
sec_case_sensitive_logon boolean TRUE
SYS@MTH> alter user mth identified by mth;
User altered.
SYS@MTH> conn mth/MTH;
ERROR:
ORA-01017: invalid username/password; logon denied
Warning: You are no longer connected to ORACLE.
@>
@> conn mth/mth
Connected.
修改参数sec_case_sensitive_logon值为false.
MTH@MTH> conn / as sysdba
Connected.
SYS@MTH> alter system set sec_case_sensitive_logon=false;
System altered.
SYS@MTH>
SYS@MTH> show parameter sec_case_sensitive_logon
NAME TYPE VALUE
------------------------------------ -------------------------------- ------------------------------
sec_case_sensitive_logon boolean FALSE
SYS@MTH>
SYS@MTH> conn mth/MTH
Connected.
来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/30776559/viewspace-2139752/,如需转载,请注明出处,否则将追究法律责任。
转载于:http://blog.itpub.net/30776559/viewspace-2139752/