较好的实践是,Oracle的密码操作通过profile来实现,而资源则是通过资源消费组来控制,profile其实是种限制。 通过profile来控制密码的使用,大抵有四: 1) 密码的历史 在这里,有两个参数:password_reuse_time和password_reuse_max,比较好的实践是,这两
较好的实践是,Oracle的密码操作通过profile来实现,而资源则是通过资源消费组来控制,profile其实是种限制。通过profile来控制密码的使用,大抵有四:
1) 密码的历史
在这里,有两个参数:password_reuse_time和password_reuse_max,比较好的实践是,这两个参数当关联起来使用。 如:password_reuse_time=30,password_reuse_max=10,
用户可以在30天以后重用该密码,要求密码必须被改变超过10次。
实验:
会话1:sys
sys@ORCL> create profile p1 limit password_reuse_time 1/1440 password_reuse_max 1;
Profile created.
sys@ORCL> alter user scott profile p1;
User altered.
sys@ORCL> alter user scott password expire;
User altered.
sys@ORCL> alter profile p1 limit password_reuse_time 5/1440 password_reuse_max 1;--5分钟后可重用该密码,但这期间必须要被改成其他密码一次
Profile altered.
sys@ORCL> alter user scott password expire;
User altered.
会话2:scott
scott@ORCL> exit;
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
[Oracle@localhost ~]$ sqlplus /nolog
SQL*Plus: Release 10.2.0.1.0 - Production on Mon Sep 3 01:11:09 2012
Copyright (c) 1982, 2005, Oracle. All rights reserved.
idle> conn scott/Oracle
ERROR:
ORA-28001: the password has expired
Changing password for scott
New password: --使用原密码,即Oracle
Retype new password:
ERROR:
ORA-28007: the password cannot be reused
Password unchanged
idle> conn scott/Oracle
ERROR:
ORA-28001: the password has expired
Changing password for scott
New password: --使用新密码,改成think
Retype new password:
Password changed
Connected.
会话1:sys
sys@ORCL> alter user scott password expire;
User altered.
会话2:scott
scott@ORCL> exit;
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
[Oracle@localhost ~]$ sqlplus /nolog
SQL*Plus: Release 10.2.0.1.0 - Production on Mon Sep 3 01:19:04 2012
Copyright (c) 1982, 2005, Oracle. All rights reserved.
idle> conn scott/think
ERROR:
ORA-28001: the password has expired
Changing password for scott
New password: --使用最早的密码,即Oracle
Retype new password:
Password changed
Connected.
scott@ORCL>
2) 密码的登入校验
在这方面,也有两个参数:
failed_login_attempts:锁定前允许的最大失败登录次数
password_lock_time:锁定时间
实验:
会话1:sys
sys@ORCL> drop profile p1 cascade;
Profile dropped.
sys@ORCL> create profile p1 limit failed_login_attempts 1 password_lock_time 1/1440;--失败一次就被锁,被锁1分钟
Profile created.
sys@ORCL> alter user scott profile p1;
User altered.
会话2:scott
[Oracle@localhost ~]$ sqlplus /nolog
SQL*Plus: Release 10.2.0.1.0 - Production on Mon Sep 3 01:42:46 2012
Copyright (c) 1982, 2005, Oracle. All rights reserved.
idle> conn scott/think
ERROR:
ORA-01017: invalid username/password; logon denied
idle> conn scott/Oracle
ERROR:
ORA-28000: the account is locked
idle> conn scott/Oracle --1分钟之后
Connected.
3) 密码的生命周期
同样地,这也是有两个参数:
password_life_time:密码的寿命
password_grace_time:宽限时间,特指将达到寿命前的那些时光
实验:
会话1:sys
sys@ORCL> drop profile p1 cascade;
Profile dropped.
sys@ORCL> create profile p1 limit password_life_time 2/1440 password_grace_time 2/1440;
Profile created.
sys@ORCL> alter user scott profile p1;
User altered.
会话2:scott
[Oracle@localhost ~]$ sqlplus /nolog
SQL*Plus: Release 10.2.0.1.0 - Production on Mon Sep 3 01:56:59 2012
Copyright (c) 1982, 2005, Oracle. All rights reserved.
idle> conn scott/Oracle
ERROR:
ORA-28002: the password will expire within 0 days
Connected.
4) 密码的复杂性
在$Oracle_HOME/rdbms/admin/utlpwdmg.sql,有个密码函数,借此,则可控制密码复杂性
现将该函数摘入如下:
CREATE OR REPLACE FUNCTION verify_function
(username varchar2,
password varchar2,
old_password varchar2)
RETURN boolean IS
n boolean;
m integer;
differ integer;
isdigit boolean;
ischar boolean;
ispunct boolean;
digitarray varchar2(20);
punctarray varchar2(25);
chararray varchar2(52);
BEGIN
digitarray:= '0123456789';
chararray:= 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
punctarray:='!"#$%&()``*+,-/:;?_';
-- Check if the password is same as the username
IF NLS_LOWER(password) = NLS_LOWER(username) THEN
raise_application_error(-20001, 'Password same as or similar to user');
END IF;
-- Check for the minimum length of the password
IF length(password) raise_application_error(-20002, 'Password length less than 4');
END IF;
-- Check if the password is too simple. A dictionary of words may be
-- maintained and a check may be made so as not to allow the words
-- that are too simple for the password.
IF NLS_LOWER(password) IN ('welcome', 'database', 'account', 'user', 'password', 'Oracle', 'computer', 'abcd') THEN
raise_application_error(-20002, 'Password too simple');
END IF;
-- Check if the password contains at least one letter, one digit and one
-- punctuation mark.
-- 1. Check for the digit
isdigit:=FALSE;
m := length(password);
FOR i IN 1..10 LOOP
FOR j IN 1..m LOOP
IF substr(password,j,1) = substr(digitarray,i,1) THEN
isdigit:=TRUE;
GOTO findchar;
END IF;
END LOOP;
END LOOP;
IF isdigit = FALSE THEN
raise_application_error(-20003, 'Password should contain at least one digit, one character and one punctuation');
END IF;
-- 2. Check for the character
>
ischar:=FALSE;
FOR i IN 1..length(chararray) LOOP
FOR j IN 1..m LOOP
IF substr(password,j,1) = substr(chararray,i,1) THEN
ischar:=TRUE;
GOTO findpunct;
END IF;
END LOOP;
END LOOP;
IF ischar = FALSE THEN
raise_application_error(-20003, 'Password should contain at least one \
digit, one character and one punctuation');
END IF;
-- 3. Check for the punctuation
>
ispunct:=FALSE;
FOR i IN 1..length(punctarray) LOOP
FOR j IN 1..m LOOP
IF substr(password,j,1) = substr(punctarray,i,1) THEN
ispunct:=TRUE;
GOTO endsearch;
END IF;
END LOOP;
END LOOP;
IF ispunct = FALSE THEN
raise_application_error(-20003, 'Password should contain at least one \
digit, one character and one punctuation');
END IF;
>
-- Check if the password differs from the previous password by at least
-- 3 letters
IF old_password IS NOT NULL THEN
differ := length(old_password) - length(password);
IF abs(differ) IF length(password) m := length(password);
ELSE
m := length(old_password);
END IF;
differ := abs(differ);
FOR i IN 1..m LOOP
IF substr(password,i,1) != substr(old_password,i,1) THEN
differ := differ + 1;
END IF;
END LOOP;
IF differ raise_application_error(-20004, 'Password should differ by at \
least 3 characters');
END IF;
END IF;
END IF;
-- Everything is fine; return TRUE ;
RETURN(TRUE);
END;
/
手把手教你uniapp和小程序分包(图文)Jul 22, 2022 pm 04:55 PM本篇文章给大家带来了关于uniapp跨域的相关知识,其中介绍了uniapp和小程序分包的相关问题,每个使用分包小程序必定含有一个主包。所谓的主包,即放置默认启动页面/TabBar 页面,以及一些所有分包都需用到公共资源/JS 脚本;而分包则是根据开发者的配置进行划分,希望对大家有帮助。
Java开发实战:集成七牛云云存储服务实现文件上传Jul 06, 2023 pm 06:22 PMJava开发实战:集成七牛云云存储服务实现文件上传引言随着云计算和云存储的发展,越来越多的应用程序需要将文件上传至云端进行存储和管理。云存储服务的优势在于高可靠性、可扩展性和灵活性。本文将介绍如何使用Java语言开发,集成七牛云云存储服务,实现文件上传功能。七牛云简介七牛云是国内领先的云存储服务提供商,其提供了全面的云存储和内容分发服务。用户可以通过七牛云提
MySQL表设计实战:创建一个电商订单表和商品评论表Jul 03, 2023 am 08:07 AMMySQL表设计实战:创建一个电商订单表和商品评论表在电商平台的数据库中,订单表和商品评论表是两个非常重要的表格。本文将介绍如何使用MySQL来设计和创建这两个表格,并给出代码示例。一、订单表的设计与创建订单表用于存储用户的购买信息,包括订单号、用户ID、商品ID、购买数量、订单状态等字段。首先,我们需要创建一个名为"order"的表格,使用CREATET
Golang实战:数据导出功能的实现技巧分享Feb 29, 2024 am 09:00 AM数据导出功能在实际开发中是非常常见的需求,特别是在后台管理系统或者数据报表导出等场景中。本文将以Golang语言为例,分享数据导出功能的实现技巧,并给出具体的代码示例。1.环境准备在开始之前,确保已经安装好Golang环境,并且熟悉Golang的基本语法和操作。另外,为了实现数据导出功能,可能还需要使用第三方库,比如github.com/360EntSec
深入学习 Elasticsearch 查询语法与实战Oct 03, 2023 am 08:42 AM深入学习Elasticsearch查询语法与实战引言:Elasticsearch是一款基于Lucene的开源搜索引擎,主要用于分布式搜索与分析,广泛应用于大规模数据的全文搜索、日志分析、推荐系统等场景。在使用Elasticsearch进行数据查询时,灵活运用查询语法是提高查询效率的关键。本文将深入探讨Elasticsearch查询语法,并结合实际案例给出
Vue实战:日期选择器组件开发Nov 24, 2023 am 09:03 AMVue实战:日期选择器组件开发引言:日期选择器是在日常开发中经常用到的一个组件,它可以方便地选择日期,并提供各种配置选项。本文将介绍如何使用Vue框架来开发一个简单的日期选择器组件,并提供具体的代码示例。一、需求分析在开始开发之前,我们需要进行需求分析,明确组件的功能和特性。根据常见的日期选择器组件功能,我们需要实现以下几个功能点:基础功能:能够选择日期,并
MySQL表设计实战:创建一个电影信息表和演员表Jul 01, 2023 pm 08:16 PMMySQL表设计实战:创建一个电影信息表和演员表导语:在数据库设计中,表的创建是一个非常关键的环节。本文将以电影信息表和演员表为例,详细介绍如何进行MySQL表的设计和创建,并附上相应的代码示例。一、电影信息表设计和创建电影信息表是用来存储电影的相关信息,包括电影名称、导演、上映时间、电影类型等字段。下面是电影信息表的设计和创建过程,首先我们需要选择合适的字
Vue开发实战:构建优雅的后台管理系统Nov 03, 2023 am 11:27 AMVue是一种高效的JavaScript框架,用于构建单页应用程序。它被广泛应用于Web应用程序的开发,包括后台管理系统。如果您正在寻找一种优雅的方式来构建后台管理系统,Vue就是一个不错的选择。在本文中,我们将介绍如何使用Vue来构建一个优雅的后台管理系统。设计你的后台管理系统在开始开发之前,你需要设计你的后台管理系统。这包括设计页面布局、组件、功能和用户界
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Dreamweaver Mac version
Visual web development tools
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
Dreamweaver CS6
Visual web development tools
EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function
SublimeText3 Linux new version
SublimeText3 Linux latest version
