
Oracle 11g password management issues

2012-05-31 17:21
Starting with Oracle 11g, user password hashes are no longer exposed through dba_users.

SQL> select *from v$version where rownum<2;

BANNER
----------------------------------------------------------------------------------------------------
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod

SQL> select username,PASSWORD from dba_users where rownum<2;

USERNAME             PASSWORD
-------------------- --------------------
SYS                  8A8F025737A9097A

SQL> select * from v$version where rownum<2;

BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production

SQL> col username for a20
SQL> col password for a20
SQL> select username,password from dba_users where rownum<2;

USERNAME             PASSWORD
-------------------- --------------------
SYS

SQL>

Back in 10g some people may have used orab to crack user passwords, and it worked quite well. Against 11g that tool no longer seems to work, most likely because the hashing algorithm changed: in Oracle 11g passwords are hashed with the Secure Hash Algorithm (SHA-1) instead of the earlier Data Encryption Standard (DES) based hash.

So which table actually holds the user passwords?

Look at the 10g definition of dba_users:

SQL> select dbms_metadata.get_ddl('VIEW','DBA_USERS','SYS') from dual;

DBMS_METADATA.GET_DDL('VIEW','DBA_USERS','SYS')
--------------------------------------------------------------------------------
CREATE OR REPLACE FORCE VIEW "SYS"."DBA_USERS" ("USERNAME", "USER_ID", "PASSWO
PIRY_DATE", "DEFAULT_TABLESPACE", "TEMPORARY_TABLESPACE", "CREATED", "PROFILE",
"INITIAL_RSRC_CONSUMER_GROUP", "EXTERNAL_NAME") AS
  select u.name, u.user#, u.password,
         m.status,
         decode(u.astatus, 4, u.ltime,
                           5, u.ltime,
                           6, u.ltime,
                           8, u.ltime,
                           9, u.ltime,
                           10, u.ltime, to_date(NULL)),
         decode(u.astatus,
                1, u.exptime,
                2, u.exptime,
                5, u.exptime,
                6, u.exptime,
                9, u.exptime,
                10, u.exptime,
                decode(u.ptime, '', to_date(NULL),
                  decode(pr.limit#, 2147483647, to_date(NULL),
                    decode(pr.limit#, 0,
                      decode(dp.limit#, 2147483647, to_date(NULL), u.ptime +
                             dp.limit#/86400),
                      u.ptime + pr.limit#/86400)))),
         dts.name, tts.name, u.ctime, p.name,
         nvl(cgm.consumer_group, 'DEFAULT_CONSUMER_GROUP'),
         u.ext_username
  from sys.user$ u left outer join sys.resource_group_mapping$ cgm
       on (cgm.attribute = 'ORACLE_USER' and cgm.status = 'ACTIVE' and
           cgm.value = u.name),
       sys.ts$ dts, sys.ts$ tts, sys.profname$ p,
       sys.user_astatus_map m, sys.profile$ pr, sys.profile$ dp
  where u.datats# = dts.ts#
    and u.resource$ = p.profile#
    and u.tempts# = tts.ts#
    and u.astatus = m.status#
    and u.type# = 1
    and u.resource$ = pr.profile#
    and dp.profile# = 0
    and dp.type#=1
    and dp.resource#=1
    and pr.type# = 1
    and pr.resource# = 1

It reads the password column of sys.user$ directly. In 11g the view definition has changed:

SQL> select dbms_metadata.get_ddl(OBJECT_TYPE=>'VIEW',NAME=>'DBA_USERS',SCHEMA=>'SYS') from dual;

DBMS_METADATA.GET_DDL(OBJECT_T
--------------------------------------------------------------------------------
CREATE OR REPLACE FORCE VIEW "SYS"."DBA_USERS" ("USERNAME", "USER_ID", "PASSWO
  select u.name, u.user#,
         decode(u.password, 'GLOBAL', u.password,
                            'EXTERNAL', u.password,
                            NULL),
         m.status,
         decode(u.astatus, 4, u.ltime,
                           5, u.ltime,
                           6, u.ltime,
                           8, u.ltime,
                           9, u.ltime,
                           10, u.ltime, to_date(NULL)),
         decode(u.astatus,
                1, u.exptime,
                2, u.exptime,
                5, u.exptime,
                6, u.exptime,
                9, u.exptime,
                10, u.exptime,
                decode(u.ptime, '', to_date(NULL),
                  decode(pr.limit#, 2147483647, to_date(NULL),
                    decode(pr.limit#, 0,
                      decode(dp.limit#, 2147483647, to_date(NULL), u.ptime +
                             dp.limit#/86400),
                      u.ptime + pr.limit#/86400)))),
         dts.name, tts.name, u.ctime, p.name,
         nvl(cgm.consumer_group, 'DEFAULT_CONSUMER_GROUP'),
         u.ext_username,
         decode(length(u.password),16,'10G ',NULL)||NVL2(u.spare4, '11G ' ,NULL),
         decode(bitand(u.spare1, 16),
                16, 'Y',
                'N'),
         decode(u.password, 'GLOBAL', 'GLOBAL',
                            'EXTERNAL', 'EXTERNAL',
                            'PASSWORD')
  from sys.user$ u left outer join sys.resource_group_mapping$ cgm
       on (cgm.attribute = 'ORACLE_USER' and cgm.status = 'ACTIVE' and
           cgm.value = u.name),
       sys.ts$ dts, sys.ts$ tts, sys.profname$ p,
       sys.user_astatus_map m, sys.profile$ pr, sys.profile$ dp
  where u.datats# = dts.ts#
    and u.resource$ = p.profile#
    and u.tempts# = tts.ts#
    and u.astatus = m.status#
    and u.type# = 1
    and u.resource$ = pr.profile#
    and dp.profile# = 0
    and dp.type#=1
    and dp.resource#=1
    and pr.type# = 1
    and pr.resource# = 1

Only global and external users still have a value in the PASSWORD column of dba_users; for every other user the decode above returns NULL.
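Since dba_users no longer carries the hash but does derive a hash-version indicator from sys.user$ (the decode(length(u.password),16,'10G ',NULL)||NVL2(u.spare4,'11G ',NULL) expression in the view above), the useful defensive question is which accounts still carry only a legacy 10G (DES-based) hash. The audit queries below are an added example and not part of the original post; PASSWORD_VERSIONS and AUTHENTICATION_TYPE are the 11.2 column names for the last expressions of the view (the column list in the listing above is cut off by the output width).

```sql
-- Added example (not from the original post): inventory the hash versions each
-- account carries, using only DBA_USERS (no hash values are selected).
-- PASSWORD_VERSIONS is built by the view from sys.user$:
--   length(password)=16 -> '10G '  (legacy DES-based hash present)
--   spare4 not null     -> '11G '  (SHA-1 hash present)

-- 1. Overall picture: how many accounts carry which combination of hash versions
SELECT password_versions, COUNT(*) AS accounts
FROM   dba_users
GROUP  BY password_versions
ORDER  BY password_versions;

-- 2. Password-authenticated accounts that have no 11G (SHA-1) hash at all.
--    These are the accounts that still depend on the weaker 10G hash.
SELECT username, account_status, password_versions, created
FROM   dba_users
WHERE  authentication_type = 'PASSWORD'
AND    NVL(password_versions, ' ') NOT LIKE '%11G%'
ORDER  BY username;

-- 3. Accounts that do not authenticate by password. As the view definition
--    shows, these are the only rows whose PASSWORD column is still populated.
SELECT username, authentication_type, password
FROM   dba_users
WHERE  authentication_type IN ('GLOBAL', 'EXTERNAL')
ORDER  BY username;
```

Accounts listed by the second query get an 11G hash the next time their password is set with ALTER USER ... IDENTIFIED BY, so the fix is a password reset rather than any change to the view or base table.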

Other password-related changes in Oracle 11g include the following.

Case-sensitive passwords

The initialization parameter sec_case_sensitive_logon controls whether passwords are case sensitive; the default is TRUE.

Password complexity checking

Run the following script to create the password complexity function verify_function_11G:

@$ORACLE_HOME/RDBMS/ADMIN/utlpwdmg.sql

Then set the profile to use that function for password checks (ALTER PROFILE requires the LIMIT keyword):

ALTER PROFILE default LIMIT PASSWORD_VERIFY_FUNCTION verify_function_11G;
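To show what a PASSWORD_VERIFY_FUNCTION actually looks like, here is a custom one with the three-argument signature Oracle calls for every password change. This is an added example, not the original post's code and not the contents of utlpwdmg.sql; the name my_verify_function, the thresholds, and the sample passwords at the end are this example's own choices. It has to be created as SYS, because the function named in a profile must be owned by SYS.

```sql
-- Added example (not from the original post or utlpwdmg.sql): a custom
-- password verification function. Create it while connected as SYS.
-- Oracle calls it as f(username, password, old_password) and expects TRUE
-- on success; raising an error (or returning FALSE) rejects the new password.
CREATE OR REPLACE FUNCTION my_verify_function (
    username     VARCHAR2,
    password     VARCHAR2,
    old_password VARCHAR2)
RETURN BOOLEAN
IS
    digits  PLS_INTEGER := 0;
    letters PLS_INTEGER := 0;
    others  PLS_INTEGER := 0;
    differ  PLS_INTEGER := 0;
    c       VARCHAR2(1 CHAR);
BEGIN
    -- 1. Minimum length (12 is this example's choice)
    IF LENGTH(password) < 12 THEN
        raise_application_error(-20001, 'Password must be at least 12 characters');
    END IF;

    -- 2. Must not contain the user name (compared case-insensitively)
    IF INSTR(UPPER(password), UPPER(username)) > 0 THEN
        raise_application_error(-20002, 'Password must not contain the user name');
    END IF;

    -- 3. Character classes: at least one letter, one digit and one other character
    FOR i IN 1 .. LENGTH(password) LOOP
        c := SUBSTR(password, i, 1);
        IF c BETWEEN '0' AND '9' THEN
            digits := digits + 1;
        ELSIF UPPER(c) BETWEEN 'A' AND 'Z' THEN
            letters := letters + 1;
        ELSE
            others := others + 1;
        END IF;
    END LOOP;
    IF digits = 0 OR letters = 0 OR others = 0 THEN
        raise_application_error(-20003,
            'Password must contain a letter, a digit and a punctuation character');
    END IF;

    -- 4. Must differ from the previous password in at least 3 positions.
    --    old_password is NULL when an administrator resets the password,
    --    so the comparison is skipped in that case.
    IF old_password IS NOT NULL THEN
        differ := ABS(LENGTH(password) - LENGTH(old_password));
        FOR i IN 1 .. LEAST(LENGTH(password), LENGTH(old_password)) LOOP
            IF SUBSTR(password, i, 1) <> SUBSTR(old_password, i, 1) THEN
                differ := differ + 1;
            END IF;
        END LOOP;
        IF differ < 3 THEN
            raise_application_error(-20004,
                'Password must differ from the previous one in at least 3 positions');
        END IF;
    END IF;

    RETURN TRUE;
END;
/

-- Attach it to the profile (note the LIMIT keyword), then exercise it.
ALTER PROFILE default LIMIT PASSWORD_VERIFY_FUNCTION my_verify_function;

-- Rejected with ORA-20001: too short (constructed sample password)
ALTER USER test IDENTIFIED BY "Short1!";

-- Accepted: 19 characters, letters, digits and punctuation, does not contain TEST
ALTER USER test IDENTIFIED BY "Winter-Harbour-2012";
```

Because SYS is changing another user's password in the last two statements, old_password arrives as NULL and the difference check is skipped; a user changing their own password with ALTER USER ... IDENTIFIED BY new REPLACE old does go through step 4.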

A stronger hash algorithm

Oracle 11g uses the Secure Hash Algorithm SHA-1 as its new hashing algorithm.

There is also a new delay in verification after a wrong password, which makes programmatic password cracking much harder. Note, however, that this logon delay after a wrong password can cause row cache lock wait time.

By default a user is locked after entering a wrong password 10 times:

SQL> select * from dba_profiles where profile='DEFAULT';

PROFILE                        RESOURCE_NAME                    RESOURCE LIMIT
------------------------------ -------------------------------- -------- ----------------------------------------
DEFAULT                        COMPOSITE_LIMIT                  KERNEL   UNLIMITED
DEFAULT                        SESSIONS_PER_USER                KERNEL   UNLIMITED
DEFAULT                        CPU_PER_SESSION                  KERNEL   UNLIMITED
DEFAULT                        CPU_PER_CALL                     KERNEL   UNLIMITED
DEFAULT                        LOGICAL_READS_PER_SESSION        KERNEL   UNLIMITED
DEFAULT                        LOGICAL_READS_PER_CALL           KERNEL   UNLIMITED
DEFAULT                        IDLE_TIME                        KERNEL   UNLIMITED
DEFAULT                        CONNECT_TIME                     KERNEL   UNLIMITED
DEFAULT                        PRIVATE_SGA                      KERNEL   UNLIMITED
DEFAULT                        FAILED_LOGIN_ATTEMPTS            PASSWORD 10          <-- default value
DEFAULT                        PASSWORD_LIFE_TIME               PASSWORD 180
DEFAULT                        PASSWORD_REUSE_TIME              PASSWORD UNLIMITED
DEFAULT                        PASSWORD_REUSE_MAX               PASSWORD UNLIMITED
DEFAULT                        PASSWORD_VERIFY_FUNCTION         PASSWORD NULL
DEFAULT                        PASSWORD_LOCK_TIME               PASSWORD 1
DEFAULT                        PASSWORD_GRACE_TIME              PASSWORD 7
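As an added example (not from the original post), here is a tighter profile for interactive accounts placed beside the DEFAULT values listed above, followed by a query that finds accounts the database itself has locked after too many failed logins. The profile name interactive_users and the limit values are this example's choices; verify_function_11G is the function that utlpwdmg.sql creates, as described earlier.

```sql
-- Added example (not from the original post): a hardened profile for human
-- accounts. Each line names the DEFAULT value shown in the listing above.
-- Time-based password limits are in days, IDLE_TIME is in minutes.
CREATE PROFILE interactive_users LIMIT
    FAILED_LOGIN_ATTEMPTS    5                      -- DEFAULT is 10
    PASSWORD_LOCK_TIME       1/24                   -- DEFAULT is 1 day, this is one hour
    PASSWORD_LIFE_TIME       90                     -- DEFAULT is 180
    PASSWORD_GRACE_TIME      7                      -- DEFAULT is 7
    PASSWORD_REUSE_TIME      365                    -- DEFAULT is UNLIMITED
    PASSWORD_REUSE_MAX       10                     -- DEFAULT is UNLIMITED
    PASSWORD_VERIFY_FUNCTION verify_function_11G    -- DEFAULT is NULL
    IDLE_TIME                30;                    -- DEFAULT is UNLIMITED

-- Assign it to the test account used in the post
ALTER USER test PROFILE interactive_users;

-- Confirm the password limits took effect
SELECT resource_name, limit
FROM   dba_profiles
WHERE  profile = 'INTERACTIVE_USERS'
AND    resource_type = 'PASSWORD'
ORDER  BY resource_name;

-- Accounts currently locked by FAILED_LOGIN_ATTEMPTS (status LOCKED(TIMED)),
-- as opposed to accounts locked deliberately by an administrator (LOCKED).
-- A growing list here is a sign of password guessing against those accounts.
SELECT username, account_status, lock_date, profile
FROM   dba_users
WHERE  account_status LIKE 'LOCKED(TIMED)%'
ORDER  BY lock_date DESC;
```

PASSWORD_REUSE_TIME and PASSWORD_REUSE_MAX only prevent reuse when both are set to a value; leaving either at UNLIMITED, as the DEFAULT profile does, disables the history check.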

Now let's look at what delayed password verification looks like and the problems it brings.

In 10g there is no delay at all:

SQL> set time on
14:16:44 SQL> connect test/test1;
ERROR:
ORA-01017: invalid username/password; logon denied

14:16:52 SQL> connect test/test1;
ERROR:
ORA-01017: invalid username/password; logon denied

14:16:53 SQL> connect test/test1;
ERROR:
ORA-01017: invalid username/password; logon denied

14:16:54 SQL> connect test/test1;
ERROR:
ORA-01017: invalid username/password; logon denied

14:16:55 SQL> connect test/test1;
ERROR:
ORA-01017: invalid username/password; logon denied

14:16:55 SQL> connect test/test1;
ERROR:
ORA-01017: invalid username/password; logon denied

14:16:56 SQL> connect test/test1;
ERROR:
ORA-01017: invalid username/password; logon denied

14:16:57 SQL> connect test/test1;
ERROR:
ORA-01017: invalid username/password; logon denied

In 11g:

22:29:41 SQL> connect test/1;
ERROR:
ORA-01017: invalid username/password; logon denied

22:29:43 SQL> connect test/1;
ERROR:
ORA-01017: invalid username/password; logon denied

22:29:44 SQL> connect test/1;
ERROR:
ORA-01017: invalid username/password; logon denied

22:29:46 SQL> connect test/1;
ERROR:
ORA-01017: invalid username/password; logon denied

22:29:49 SQL> connect test/1;
ERROR:
ORA-01017: invalid username/password; logon denied

22:29:53 SQL> connect test/1;
ERROR:
ORA-01017: invalid username/password; logon denied

22:29:58 SQL> connect test/11;
Connected.
22:30:01 SQL>

After each wrong password the verification takes noticeably longer, yet a single correct password is not subjected to the delay.

But once a correct connection has come in, the delay starts again from short and grows. Based on this behaviour, my personal guess is that to implement the delay Oracle must keep a counter-like object in the shared pool. The counter records the number of consecutive failed logins for a user and from that determines the wait time for delayed verification; when the user logs in successfully the counter is reset to zero. With a single session it only needs exclusive access to the counter, but when two or more sessions exist and both try to modify the counter, resource contention appears, and in the database it shows up as the library cache lock wait event.

Now let's look at the library cache lock wait caused by wrong passwords.

Session 1 connects with a wrong password; check the wait events at that moment.

00:48:41 sql1>connect test/a;
ERROR:
ORA-01017: invalid username/password; logon denied

01:11:42 sql1>connect test/a;
ERROR:
ORA-01017: invalid username/password; logon denied

-- querying the wait events from session 3 returns "SQL*Net message from client"
sql3>SELECT SID, USERNAME, PROGRAM, EVENT, SECONDS_IN_WAIT FROM V$SESSION WHERE NVL(USERNAME, 'OTHER') != USER AND NVL(PROGRAM, 'OTHER') NOT LIKE 'oracle@%';

 SID US PROGRAM                        EVENT                          SECONDS_IN_WAIT
---- -- ------------------------------ ------------------------------ ---------------
  36    sqlplus@oracle11 (TNS V1-V3)   SQL*Net message from client                  3

sql3>SELECT SID, USERNAME, PROGRAM, EVENT, SECONDS_IN_WAIT FROM V$SESSION WHERE NVL(USERNAME, 'OTHER') != USER AND NVL(PROGRAM, 'OTHER') NOT LIKE 'oracle@%';

 SID US PROGRAM                        EVENT                          SECONDS_IN_WAIT
---- -- ------------------------------ ------------------------------ ---------------
  36    sqlplus@oracle11 (TNS V1-V3)   SQL*Net message from client                  2

sql3>

What if session 2 and session 3 are now added as well?

The session that connected first waits on SQL*Net message from client, while all the others wait on library cache lock:

sql3>SELECT SID, USERNAME, PROGRAM, EVENT, SECONDS_IN_WAIT FROM V$SESSION WHERE NVL(USERNAME, 'OTHER') != USER AND NVL(PROGRAM, 'OTHER') NOT LIKE 'oracle@%';

 SID US PROGRAM                        EVENT                          SECONDS_IN_WAIT
---- -- ------------------------------ ------------------------------ ---------------
  36    sqlplus@oracle11 (TNS V1-V3)   SQL*Net message from client                  4
  38    sqlplus@oracle11 (TNS V1-V3)   library cache lock                           1
  48    sqlplus@oracle11 (TNS V1-V3)   library cache lock                           3

What happens if a user now logs in with the correct password?

sql3>SELECT SID, USERNAME, PROGRAM, EVENT, SECONDS_IN_WAIT FROM V$SESSION WHERE NVL(USERNAME, 'OTHER') != USER AND NVL(PROGRAM, 'OTHER') NOT LIKE 'oracle@%';

 SID US PROGRAM                        EVENT                          SECONDS_IN_WAIT
---- -- ------------------------------ ------------------------------ ---------------
   1    sqlplus@oracle11 (TNS V1-V3)   library cache lock                           1
  38    sqlplus@oracle11 (TNS V1-V3)   SQL*Net message from client                  3
  48    sqlplus@oracle11 (TNS V1-V3)   library cache lock                           2

It still has to wait; only after the delayed verification finishes does it log in normally.

01:16:19 sql1>connect test/a;
ERROR:
ORA-01017: invalid username/password; logon denied

01:19:30 sql1>

sql2>connect test/1;
ERROR:
ORA-01017: invalid username/password; logon denied

sql2>

SQL> connect test/11;
Connected.
SQL>
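As an added example (not part of the original post), two monitoring queries for the situation just shown: the first lists sessions stuck on library cache lock together with the session V$SESSION reports as blocking them, so that a logon-delay pile-up can be told apart from ordinary library cache contention; the second counts failed logons per account and origin from the audit trail, which is where repeated wrong passwords become visible. The second query assumes AUDIT_TRAIL is set to DB (or DB,EXTENDED) and that CREATE SESSION is audited, so ORA-01017 failures are recorded in DBA_AUDIT_SESSION with returncode 1017; the threshold of 5 failures in an hour is this example's choice.

```sql
-- Added example (not from the original post): monitoring queries for the
-- logon-delay contention described above.

-- 1. Sessions waiting on library cache lock and the session each one is
--    waiting for (V$SESSION.BLOCKING_SESSION). During the password delay the
--    blocked sessions are the ones that have not finished authenticating, so
--    USERNAME is still empty for them, as in the post's listings.
SELECT w.sid,
       w.username,
       w.program,
       w.seconds_in_wait,
       w.blocking_session,
       b.username AS blocker_user,
       b.event    AS blocker_event
FROM   v$session w
       LEFT JOIN v$session b ON b.sid = w.blocking_session
WHERE  w.event = 'library cache lock'
ORDER  BY w.seconds_in_wait DESC;

-- 2. Failed logons in the last hour, grouped by target account and origin.
--    Requires AUDIT_TRAIL = DB and auditing of CREATE SESSION (assumption).
--    RETURNCODE 1017 corresponds to ORA-01017.
SELECT username,
       os_username,
       userhost,
       COUNT(*)       AS failures,
       MIN(timestamp) AS first_failure,
       MAX(timestamp) AS last_failure
FROM   dba_audit_session
WHERE  returncode = 1017
AND    timestamp > SYSDATE - 1/24
GROUP  BY username, os_username, userhost
HAVING COUNT(*) >= 5
ORDER  BY failures DESC;
```

Run together, the two queries answer the practical question behind the post: whether a burst of library cache lock waits on logon is caused by a client or script repeatedly presenting a wrong password, and which account and host that traffic is coming from.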

Password management in 11g still needs care.