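Oracle password management in practice, from four angles
Good practice is to implement Oracle password controls through profiles, while resources are controlled through resource consumer groups; a profile is essentially a set of limits.
Profiles control password use in roughly four ways:
1) Password history
There are two parameters here: password_reuse_time and password_reuse_max. Good practice is to use the two together. For example, with password_reuse_time=30 and password_reuse_max=10,
the user can reuse a password after 30 days, provided the password has been changed more than 10 times.
Experiment:
Session 1: sys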
sys@ORCL> create profile p1 limit password_reuse_time 1/1440 password_reuse_max 1;
Profile created.
sys@ORCL> alter user scott profile p1;
User altered.
sys@ORCL> alter user scott password expire;
User altered.
sys@ORCL> alter profile p1 limit password_reuse_time 5/1440 password_reuse_max 1;-- the password can be reused after 5 minutes, but it must be changed to a different password once in the meantime
Profile altered.
sys@ORCL> alter user scott password expire;
User altered.
Session 2: scott
scott@ORCL> exit;
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
[oracle@localhost ~]$ sqlplus /nolog
SQL*Plus: Release 10.2.0.1.0 - Production on Mon Sep 3 01:11:09 2012
Copyright (c) 1982, 2005, Oracle. All rights reserved.
idle> conn scott/oracle
ERROR:
ORA-28001: the password has expired
Changing password for scott
New password: -- use the original password, i.e. oracle
Retype new password:
ERROR:
ORA-28007: the password cannot be reused
Password unchanged
idle> conn scott/oracle
ERROR:
ORA-28001: the password has expired
Changing password for scott
New password: -- use a new password: change it to think
Retype new password:
Password changed
Connected.
Session 1: sys
sys@ORCL> alter user scott password expire;
User altered.
Session 2: scott
scott@ORCL> exit;
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
[oracle@localhost ~]$ sqlplus /nolog
SQL*Plus: Release 10.2.0.1.0 - Production on Mon Sep 3 01:19:04 2012
Copyright (c) 1982, 2005, Oracle. All rights reserved.
idle> conn scott/think
ERROR:
ORA-28001: the password has expired
Changing password for scott
New password: -- use the earliest password, i.e. oracle
Retype new password:
Password changed
Connected.
scott@ORCL>
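2) Password login checks
Here too there are two parameters:
failed_login_attempts: the maximum number of failed logins allowed before the account is locked
password_lock_time: how long the account stays locked
Experiment:
Session 1: sys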
sys@ORCL> drop profile p1 cascade;
Profile dropped.
sys@ORCL> create profile p1 limit failed_login_attempts 1 password_lock_time 1/1440;-- locked after a single failure, and locked for 1 minute
Profile created.
sys@ORCL> alter user scott profile p1;
User altered.
Session 2: scott
[oracle@localhost ~]$ sqlplus /nolog
SQL*Plus: Release 10.2.0.1.0 - Production on Mon Sep 3 01:42:46 2012
Copyright (c) 1982, 2005, Oracle. All rights reserved.
idle> conn scott/think
ERROR:
ORA-01017: invalid username/password; logon denied
idle> conn scott/oracle
ERROR:
ORA-28000: the account is locked
idle> conn scott/oracle -- 1 minute later
Connected.
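To check from session 1 what the experiments above actually put in force, the following queries read the data dictionary. This is an added example, not part of the original page; it assumes the profile P1 and user SCOTT from the experiments and a session that can read the DBA_PROFILES and DBA_USERS views.

```sql
-- Added example (not from the original page). Run as a DBA, e.g. in session 1.

-- 1. Password limits stored on profile P1. A parameter that was not named in
--    CREATE PROFILE is stored as DEFAULT, so after "drop profile p1 cascade"
--    and the re-create, the reuse limits from experiment 1 are gone.
select resource_name, limit
  from dba_profiles
 where profile = 'P1'
   and resource_type = 'PASSWORD'
 order by resource_name;

-- 2. Effective password limits for SCOTT: a DEFAULT entry is resolved
--    against the DEFAULT profile, which is what the database enforces.
select u.username,
       u.profile,
       p.resource_name,
       p.limit                                       as profile_limit,
       decode(p.limit, 'DEFAULT', d.limit, p.limit)  as effective_limit
  from dba_users u
  join dba_profiles p
    on p.profile = u.profile
   and p.resource_type = 'PASSWORD'
  join dba_profiles d
    on d.profile = 'DEFAULT'
   and d.resource_name = p.resource_name
 where u.username = 'SCOTT'
 order by p.resource_name;

-- 3. Current account state. ACCOUNT_STATUS reads EXPIRED after
--    "alter user scott password expire" and LOCKED(TIMED) while a
--    failed_login_attempts lock is active; LOCK_DATE shows when it began.
select username, profile, account_status, lock_date, expiry_date
  from dba_users
 where username = 'SCOTT';
```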
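3) Password lifetime
Likewise, there are two parameters:
password_life_time: the lifetime of the password
password_grace_time: the grace period, specifically the time just before the lifetime is reached
Experiment:
Session 1: sys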
sys@ORCL> drop profile p1 cascade;
Profile dropped.
sys@ORCL> create profile p1 limit password_life_time 2/1440 password_grace_time 2/1440;
Profile created.
sys@ORCL> alter user scott profile p1;
User altered.
Session 2: scott
[oracle@localhost ~]$ sqlplus /nolog
SQL*Plus: Release 10.2.0.1.0 - Production on Mon Sep 3 01:56:59 2012
Copyright (c) 1982, 2005, Oracle. All rights reserved