最近在学习oracle,发现了oracle中有关用户名以及密码的一点特性,
1:Oracle的用户名,默认创建到数据库中会自动全部转换为大写保存
2:Oracle的账号密码不区分大小写
以下是实验验证过程:
1:验证密码不区分大小。无论密码是否加双引号
修改用户密码---不加引号
SQL> alter user harvey identified by fih123456;
User altered.
SQL> disconn
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
以原密码连接
SQL> conn harvey/fih123456;
Connected.
SQL> disconn
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
以大写密码连接
SQL> conn harvey/FIH123456;
Connected.
以上验证均成功,下面再次修改密码,使用双引号
SQL> alter user harvey identified by "fih123456";
User altered.
SQL> disconn
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL> conn harvey/FIH123456;
Connected.
自此发现也是成功的。所以猜测ORACLE在存储密码时是先把密码全部转为大写。然后使用相应加密算法来进行存储。
此点有待后续验证
2:验证用户名的大小写
SQL> create user testa identified by abc123 default tablespace testa temporary tablespace temp;
User created.
SQL> grant connect,resource to testa;
Grant succeeded.
SQL> create user "testb" identified by abc123 default tablespace testb temporary tablespace temp;
User created.
SQL> grant connect,resource to testb;
grant connect,resource to testb
*
ERROR at line 1:
ORA-01917: user or role 'TESTB' does not exist
SQL> grant connect,resource to "testb";
Grant succeeded.
SQL> select username from dba_users
2 where account_status='OPEN';
USERNAME
------------------------------
MGMT_VIEW
SYS
SYSTEM
DBSNMP
SYSMAN
HARVEY
TESTA
testb
8 rows selected.
SQL> disconn
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL> conn testa/abc123
Connected.
SQL> disconn
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL> conn testb/abc123
ERROR:
ORA-01017: invalid username/password; logon denied
SQL> conn "testb"/abc123;
Connected.
至此,推测oracle默认把用户名转成大写存入数据库中,双引号原样保留。
问题:oracle的用户密码是如何加密的?