当前位置:数据库 > Oracle >>

或许你不知的ORACLE秘密系列一

或许你不知的ORACLE秘密系列一
 
Oracle 11g introduces Case-sensitive passwords for database authentication. Along with this if you wish to change the password (temporarily) and reset it back to old , you will find that password field in dba_users is empty. Prior to 11g we could use following technique to change/restore password
SQL> create user liu identified by liu;User created.  www.zzzyk.com  
SQL> grant create session to liu;Grant succeeded.
SQL> conn sys as sysdbaEnter password:Connected.
SQL> select username,password from dba_users where username='LIU';
USERNAME                           PASSWORD
------------------------------ ------------------------------
LIU                                       9DEC0D889E8E9A6B
SQL> alter user amit identified by abc;
User altered.
SQL> conn amit/abc  www.zzzyk.com  
Connected.
SQL> conn sys as sysdba
Enter password:
Connected.
SQL> alter user LIU identified by values'9DEC0D889E8E9A6B';
User altered.
SQL> conn liu/liu
Connected.
In 11g if you query password field, itwill return NULL.
SQL> select username,password fromdba_users where username='LIU';
USERNAME                      PASSWORD
------------------------------------------------------------
LIU
Let’s first see Case-sensitive passwordfeature in 11g and then steps to change/restore passwords
SYS@orcl>create user LIU IDENTIFIED BYLIU;
用户已创建。
SYS@orcl>GRANT CONNECT TO LIU;
授权成功。
SYS@orcl>conn liu/liu
ERROR:
ORA-01017: invalid username/password;logon denied
警告:您不再连接到 ORACLE。
@>CONN LIU/LIU
已连接。
LIU@orcl>
This behavior is controlled by“sec_case_sensitive_logon”initialization paramter. If the value is true then it will enforce casesensitive passwords
LIU@orcl>conn / as sysdba
已连接。
SYS@orcl>SHO PARAMETER PFILE
NAME                                TYPE        VALUE
----------------------------------------------- ------------------------------
spfile                              string     \opt\DBHOME_1\DATABASE\SPFILE
                                                ORCL.ORA
SYS@orcl>sho parameter sec_case_sensi
NAME                                TYPE        VALUE
----------------------------------------------- ------------------------------
sec_case_sensitive_logon            boolean     TRUE
SYS@orcl>alter system setsec_case_sensitive_logon=false;
系统已更改。
SYS@orcl>conn liu/liu
已连接。
LIU@orcl>alter system setsec_case_sensitive_logon=true;
alter system setsec_case_sensitive_logon=true
*
第 1行出现错误:
ORA-01031:权限不足
LIU@orcl>conn / as sysdba
已连接。
SYS@orcl>alter system setsec_case_sensitive_logon=true;
系统已更改。
SYS@orcl>conn liu/LIU;
已连接。
LIU@orcl>conn liu/liu
ERROR:
ORA-01017: invalid username/password; logondenied
警告:您不再连接到 ORACLE。
Now to reset the password in 11g, we needto query spare4 column in user$ table
@>conn / as sysdba
已连接。
SYS@orcl>select spare4 from user$ wherename='LIU';
SPARE4
----------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------
S:813731A84040EA2C4DF1545B869495ECA28C81486A11E5E19344F88BA312
SYS@orcl>ALTER USER LIU IDENTIFIED BYABC;
用户已更改。
SYS@orcl>CONN LIU/ABC
已连接。
LIU@orcl>CONN / AS SYSDBA
已连接。
SYS@orcl>ALTER USER LIU IDENTIFIEDBY VALUES'S:813731A84040EA2C4DF1545B869495ECA28C81486A11E5E19344F88BA312';
用户已更改。
SYS@orcl>CONN LIU/ABC
ERROR:
ORA-01017: invalid username/password;logon denied
警告:您不再连接到 ORACLE。
@>CONN / AS SYSDBA
已连接。
SYS@orcl>conn LIU/LIU
已连接。
LIU@orcl>
As per Metalink Note429465.1 , view DBA_USERS has new column PASSWORD_VERSIONS rendered as follows:
decode(length(u.password),16,'10G',NULL)||NVL2(u.spare4, '11G ' ,NULL)
for example:
SYS@orcl>SELECT USERNAME,PASSWORD_VERSIONSFROM DBA_USERS WHERE USERNAME='LIU';
USERNAME                      PASSWORD
------------------------------ --------
LIU                           11G
SYS@orcl>SELECT USERNAME,PASSWORD_VERSIONSFROM DBA_USERS WHERE USERNAME IN ('SYS','DNA','LIU');
USERNAME                      PASSWORD
------------------------------ --------
SYS                           10G 11G
DNA                           10G 11G
LIU                           11G
In this case it means both old andnew-style hash values are available for the users--SYS,DNA, the new hash valueis stored in the USER$.SPARE4 column, as long as this remains NULL it means thepassword has not been changed since the migration and the user will have theold case insensitive password.
SYS@orcl>CREATE USER LIU2 IDENTIFIED BYLIU2;
用户已创建。
SYS@orcl>SELECTUSERNAME,PASSWORD_VERSIONS FROM DBA_USERS WHERE USERNAME IN('SYS','DNA','LIU','LIU2');
USERNAME                      PASSWORD
------------------------------ --------
SYS                           10G 11G
LIU                           11G
LIU2                          10G 11G
DNA                           10G 11G
As I had reset passwordusing only spare4 string, password will be case -sensitive irrespective ofsetting for sec_case_sensitive_logon parameter value
Upd
CopyRight © 2022 站长资源库 编程知识问答 zzzyk.com All Rights Reserved
部分文章来自网络,