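Oracle security parameters
Oracle Database 11g adds a set of new parameters to strengthen the database's default security. These parameters are system-wide static parameters.
(1) Use case-sensitive passwords to strengthen security
The new parameter SEC_CASE_SENSITIVE_LOGON lets you set case-sensitive user passwords. Oracle recommends keeping the default setting, TRUE. Setting this parameter to FALSE specifies case-insensitive passwords for backward compatibility.
ALTER SYSTEM SET SEC_CASE_SENSITIVE_LOGON = FALSE;
Note: disabling case sensitivity makes passwords more vulnerable to brute-force attacks.
(2) Preventing denial-of-service (DoS) attacks
SEC_PROTOCOL_ERROR_FURTHER_ACTION parameter: specifies the action to take on the client connection: continue, drop the connection, or delay accepting requests.
SEC_PROTOCOL_ERROR_TRACE_ACTION parameter: specifies the monitoring action: NONE, TRACE, LOG, or ALERT.
(3) Preventing brute-force attacks
The new initialization parameter SEC_MAX_FAILED_LOGIN_ATTEMPTS has a default setting of 10, meaning that the connection is dropped automatically once the connection attempts reach the specified number. This parameter is enforced even when password profiles are not enabled.
This parameter prevents a program from connecting to the database and then trying passwords hundreds or thousands of times in order to get authenticated.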
SEC_PROTOCOL_ERROR_FURTHER_ACTION
SEC_PROTOCOL_ERROR_FURTHER_ACTION specifies the further execution of a server
process when receiving bad packets from a possibly malicious client.
Values:
■ CONTINUE
The server process continues execution. The database server may be subject to a
Denial of Service (DoS) if bad packets continue to be sent by a malicious client.
■ (DELAY,integer)
The client experiences a delay of integer seconds before the server process accepts
the next request from the same client connection. Malicious clients are prevented
from excessive consumption of server resources while legitimate clients experience
a degradation in performance but can continue to function.
■ (DROP, integer)
The server forcefully terminates the client connection after integer cumulative bad
packets. The server protects itself at the expense of the client (for example, a client
transaction may be lost). The client may reconnect and attempt the same
operation.
SEC_MAX_FAILED_LOGIN_ATTEMPTS properties:
Property          Description
Parameter type    Integer
Default value     10
Modifiable        No
Range of values   1 to unlimited
Basic             No

SEC_PROTOCOL_ERROR_FURTHER_ACTION properties:
Property          Description
Parameter type    String
Syntax            SEC_PROTOCOL_ERROR_FURTHER_ACTION = { CONTINUE | (DELAY,integer) | (DROP, integer) }
Default value     CONTINUE
Modifiable        ALTER SESSION, ALTER SYSTEM
Basic             No
1-154 Oracle Database Reference
SEC_PROTOCOL_ERROR_TRACE_ACTION
SEC_PROTOCOL_ERROR_TRACE_ACTION specifies the action that the database should
take when bad packets are received from a possibly malicious client.
Values:
■ NONE
The database server ignores the bad packets and does not generate any trace files
or log messages.
■ TRACE
A detailed trace file is generated when bad packets are received, which can be
used to debug any problems in client/server communication.
■ LOG
A minimal log message is printed in the alert logfile and in the server trace file. A
minimal amount of disk space is used.
■ ALERT
An alert message is sent to a DBA or monitoring console.
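The following is an added example, not code from the original post or from Oracle: a Python check that parses a text parameter file (pfile) and flags the settings this page warns about, validating SEC_PROTOCOL_ERROR_FURTHER_ACTION against the syntax shown above. The sample pfile, function names and finding texts are constructed for illustration; the defaults used are the ones this page states, and the `name=value` layout with an optional `*.` prefix and `#` comments is the assumed pfile format.

```python
import re

# Defaults as stated on this page; no default is given here for TRACE_ACTION,
# so that parameter is only checked when it is explicitly set.
DEFAULTS = {"sec_case_sensitive_logon": "TRUE",
            "sec_protocol_error_further_action": "CONTINUE",
            "sec_max_failed_login_attempts": "10"}
FURTHER = re.compile(r"^(CONTINUE|\(\s*(DELAY|DROP)\s*,\s*(\d+)\s*\))$", re.I)
TRACE_ACTIONS = {"NONE", "TRACE", "LOG", "ALERT"}

def parse_pfile(text):
    """Return {lowercase name: value} for the name=value lines of a text pfile."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()         # drop trailing comments
        if "=" not in line:
            continue
        name, value = line.split("=", 1)
        name = name.strip().lower().split(".")[-1]   # strip "*." or "sid." prefix
        params[name] = value.strip().strip("'\"")    # values may be quoted
    return params

def audit(text):
    """Return sorted (parameter, finding) pairs for the four parameters above."""
    p = {**DEFAULTS, **parse_pfile(text)}
    findings = []
    if p["sec_case_sensitive_logon"].upper() != "TRUE":
        findings.append(("sec_case_sensitive_logon", "case-insensitive passwords"))
    m = FURTHER.match(p["sec_protocol_error_further_action"])
    if not m:
        findings.append(("sec_protocol_error_further_action", "invalid syntax"))
    elif m.group(1).upper() == "CONTINUE":
        findings.append(("sec_protocol_error_further_action", "bad packets never throttled"))
    attempts = p["sec_max_failed_login_attempts"]
    if not attempts.isdigit() or int(attempts) < 1:
        findings.append(("sec_max_failed_login_attempts", "outside range 1 to unlimited"))
    trace = p.get("sec_protocol_error_trace_action")
    if trace is not None and trace.upper() not in TRACE_ACTIONS:
        findings.append(("sec_protocol_error_trace_action", "invalid value"))
    elif trace is not None and trace.upper() == "NONE":
        findings.append(("sec_protocol_error_trace_action", "bad packets not recorded"))
    return sorted(findings)

# Constructed sample pfile, not taken from a real system.
SAMPLE = """\
*.sec_case_sensitive_logon=FALSE   # backward compatibility
*.sec_protocol_error_further_action='(DROP,3)'
*.sec_protocol_error_trace_action=NONE
*.sec_max_failed_login_attempts=10
"""
```

Calling `audit(SAMPLE)` reports the case-insensitive logon setting and the disabled trace action; an empty file reports only the default CONTINUE action.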
From the "ITPUB Blog", link: http://blog.itpub.net/29067253/viewspace-2129774/. If you reproduce this article, please credit the source; otherwise legal liability will be pursued.