Oracle Database Failed Logon Delay

Posted by 你好我是李白 on 2020-01-16

The official documentation describes the failed logon delay as follows:

Oracle® Database Security Guide 11g Release 1 (11.1)

Preventing passwords from being broken. If a user tries to log in to Oracle Database multiple times using an incorrect password, Oracle Database delays each login. This protection applies for attempts made from different IP addresses or multiple client connections. Afterwards, it gradually increases the time before the user can try another password, up to a maximum of about 10 seconds. If the user enters the correct password, he or she is able to log in successfully without any delay.

This feature significantly decreases the number of passwords that an intruder would be able to try within a fixed time period when attempting to log in. The failed logon delay slows down each failed logon attempt, increasing the overall time that is required to perform a password-guessing attack, because such attacks usually require a very large number of failed logon attempts.


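The failed logon delay is intended to prevent a password from being brute-forced within a short time. As the number of incorrect password attempts grows, the delay increases step by step, up to a maximum of 10 s.

If the failed logon delay causes a large number of sessions with no event, or library cache lock waits, it can be turned off, provided security is still ensured.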


Depending on the version, the failed logon delay can be turned off with the following settings:

11g:

# Set the event in the spfile: event = "28401 trace name context forever,level 1"
SQL> alter system set event="28401 trace name context forever,level 1" scope=spfile;
# For the SYS user: in 11g this parameter applies to the sys user, as its description shows:
_sys_logon_delay      1     TRUE   failed logon delay for sys     
SQL> alter system set "_sys_logon_delay"=0 scope=spfile;

12c:

# In 12c the parameter has changed to control the database instance, so the failed logon delay can be turned off by modifying this parameter
_sys_logon_delay    1   TRUE   The failed logon delay for the database instance
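
An added example (not from the original post or from Oracle's documentation): before turning the delay off, a DBA can trace where the wrong-password logons come from and put an account-lockout profile in place as a compensating control. It assumes traditional auditing with audit_trail=DB; app_user, app_logon_limit and the limit values are hypothetical.

```sql
-- Added example. Run as SYS in SQL*Plus.
-- Assumes audit_trail=DB (traditional auditing) is enabled.
-- app_user / app_logon_limit and the limit values are hypothetical.

-- 1. Current value of the hidden parameter shown on this page.
SELECT i.ksppinm  AS param_name,
       v.ksppstvl AS param_value,
       v.ksppstdf AS is_default,
       i.ksppdesc AS description
FROM   x$ksppi i, x$ksppcv v
WHERE  i.indx = v.indx
AND    i.ksppinm = '_sys_logon_delay';

-- 2. How many sessions are currently waiting on library cache lock.
SELECT COUNT(*) AS waiting_sessions
FROM   v$session
WHERE  event = 'library cache lock';

-- 3. Record failed logons so their origin can be traced.
AUDIT SESSION WHENEVER NOT SUCCESSFUL;

-- 4. Which accounts and client hosts sent wrong passwords in the last day.
--    RETURNCODE 1017 corresponds to ORA-01017 (invalid username/password).
SELECT username,
       userhost,
       os_username,
       COUNT(*)       AS failed_logons,
       MAX(timestamp) AS last_failure
FROM   dba_audit_trail
WHERE  action_name = 'LOGON'
AND    returncode  = 1017
AND    timestamp   > SYSDATE - 1
GROUP  BY username, userhost, os_username
ORDER  BY failed_logons DESC;

-- 5. Compensating control once the delay is off: lock the account
--    after repeated failures instead of slowing each attempt.
CREATE PROFILE app_logon_limit LIMIT
  FAILED_LOGIN_ATTEMPTS 10      -- illustrative threshold
  PASSWORD_LOCK_TIME    1/24;   -- 1 hour, expressed in days

ALTER USER app_user PROFILE app_logon_limit;
```

The settings on this page use scope=spfile, so they take effect only after the instance is restarted. A host that shows up repeatedly in step 4 is usually an application or job still using an old password, and fixing it removes the waits without weakening the logon protection.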

Source: "ITPUB Blog", link: http://blog.itpub.net/31439444/viewspace-2673662/. If you repost this article, please credit the source; otherwise legal liability will be pursued.
