ORACLE 用户锁定问题
在开发环境下,由于直接修改了数据库用户的密码,之后一直不能连接,及时执行alter user username account unlock 还是提示用户锁定。刚开始只是怀疑是数据库的问题,就一直在数据库上找问题,其实最终的问题是更改密码后,应用程序的还在链接着数据库,由于
在开发环境下,由于直接修改了数据库用户的密码,之后一直不能连接,及时执行alter user username account unlock 还是提示用户锁定。刚开始只是怀疑是数据库的问题,就一直在数据库上找问题,其实最终的问题是更改密码后,应用程序的还在链接着数据库,由于数据库默认设置登录失败10次用户会被锁定。停掉应用,重新执行alter user username account unlock,问题得到解决。
有关数据库用户状态及如何查询进行介绍:
oracle11g数据库安全加固须谨慎
数据库安全配置中,需要做相关的安全加固工作。以确认数据库的安全,但是,有些时候,操作不当或者数据库业务账号修改密码后,而程序的连接数据库的配置封装在jar里,如果jar内的连接数据库的配置信息没有做相应的修改的话。就会对数据库的此业务账号造成严重的后果。
因此,真正了解Oracle安全数据库用户的状态,就显得尤为重要了。下面我们就看一下oracle数据库中的多种用户状态。
ORACLE数据库用户有多种状态,可查看视图USER_ASTATUS_MAP。
SQL> col status for a30
SQL> select * from user_astatus_map;
STATUS# STATUS
---------- ------------------------------
0 OPEN
1 EXPIRED
2 EXPIRED(GRACE)
4 LOCKED(TIMED)
8 LOCKED
5 EXPIRED & LOCKED(TIMED)
6 EXPIRED(GRACE) & LOCKED(TIMED)
9 EXPIRED & LOCKED
10 EXPIRED(GRACE) & LOCKED
9 rows selected.
通过上面的查询我们可以看到在Oracle中account总共有9种不同的状态,对应dba_users视图中的account_status字段。
下面我分别就每种状态的含义和出现的情况做个简单的说明,以便于今后的系统管理和维护。
分析上面的9种状态不难看出,其实独立的状态只有OPEN、EXPIRED、LOCKED、EXPIRED(GRACE)、LOCKED(TIMED) 5种形式。其他4种不过是前面几种形式的组合而已。
或者也可以这样理解:
以上的9种状态可以分为两大类:
1、基本状态(前五种为基本状态:0 OPEN、1 EXPIRED、2 EXPIRED(GRACE)、4 LOCKED(TIMED)、8 LOCKED);
2、组合状态(后四种为组合状态:5 EXPIRED & LOCKED(TIMED)、6 EXPIRED(GRACE) & LOCKED(TIMED)、9 EXPIRED & LOCKED、10 EXPIRED(GRACE) & LOCKED);
后四种的组合状态可通过状态号STATUS#获得其状态的两个组合。掌握前五种即可。
具体详细解释请参考如下:
OPEN: 这个是大家最常见的,就是表示这个是可用的,没有任何限制的帐户
LOCKED: 表示这个帐户被DBA锁定. 一般通过alter user username account lock(unlock);
EXPIRED: 表示该帐户被设置为口令到期,要求用户在下次logon的时候修改口令(系统会在该account被设置为expire后的第一次登陆是提示你修改密码)
EXPIRED(GRACE): 当设置了grace以后(第一次成功登录后到口令到期后有多少天时间可改变口令,在这段时间内,帐户被提醒修改口令并可以正常登陆,
account_status显示为EXPIRED(GRACE).
LOCKED(TIMED): 这种状态表示失败的login次数超过了FAILED_LOGIN_ATTEMPTS,被系统自动锁定,需要注意的是,在Oracle 10g中,默认的DEFAULT值是10次.
EXPIRED & LOCKED: 表示此账户被设置为口令到期且被锁定。
EXPIRED(GRACE) & LOCKED(TIMED): 当account_stutus为EXPIRED(GRACE)的时候,用户又尝试失败的login次数超过了FAILED_LOGIN_ATTEMPTS,被系统自动锁定
EXPIRED & LOCKED(TIMED): 当设置了account expire后,用户又失败的login次数超过了FAILED_LOGIN_ATTEMPTS,被系统自动锁定
EXPIRED(GRACE) & LOCKED: 用户account_status为EXPIRED(GRACE)后,又被DBA 手工锁定帐户后的状态
下面通过实例操作来说明:
本人对oracle数据库的profile文件进行如下安全设置:(其中的FAILED_LOGIN_ATTEMPTS 6是对用户尝试失败的登录最大次数的限制,这里只允许最多尝试失败6次)
SQL>ALTER PROFILE DEFAULT LIMIT
FAILED_LOGIN_ATTEMPTS 6
PASSWORD_LIFE_TIME 60
PASSWORD_REUSE_TIME 60
PASSWORD_REUSE_MAX 5
PASSWORD_VERIFY_FUNCTION verify_function_11g
PASSWORD_LOCK_TIME 1/24
PASSWORD_GRACE_TIME 90;
通过以下语句查询当前用户的状态:
SQL> alter session set nls_date_format='yyyy-MM-dd hh24:mi:ss';
SQL> show linesize;
SQL> set linesize=1000;
SQL> select username,account_status from dba_users;
USERNAME ACCOUNT_STATUS
------------------------------ --------------------------------
DBA_USER OPEN
DBSNMP OPEN
SYSMAN OPEN
SCOTT OPEN
FLOWS_FILES EXPIRED & LOCKED
MDSYS EXPIRED & LOCKED
WMSYS EXPIRED & LOCKED
ORDDATA EXPIRED & LOCKED
CTXSYS EXPIRED & LOCKED
ANONYMOUS EXPIRED & LOCKED
接下来使用账号dba_user和scott,以错误的密码尝试连接数库6次以上后,再查看数据库用户状态:
SQL> select username,account_status from dba_users;
USERNAME ACCOUNT_STATUS
------------------------------ --------------------------------
DBA_USER EXPIRED(GRACE) & LOCKED(TIMED)
DBSNMP OPEN
SYSMAN OPEN
SCOTT EXPIRED(GRACE) & LOCKED(TIMED)
FLOWS_FILES EXPIRED & LOCKED
MDSYS EXPIRED & LOCKED
WMSYS EXPIRED & LOCKED
ORDDATA EXPIRED & LOCKED
CTXSYS EXPIRED & LOCKED
ANONYMOUS EXPIRED & LOCKED
事实证明,当用户DBA_USER和SCOTT为EXPIRED(GRACE)的时候,用户又尝试失败的login次数超过了FAILED_LOGIN_ATTEMPTS,被系统自动锁定.
如果这两个用户为生产现网的业务账户的话,管理员不能及时发现问题或报警的话,将会造成业务中断等严重的后果。
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1663
14
1419
52
1313
25
1264
29
1237
24
What to do if the oracle can't be opened
Apr 11, 2025 pm 10:06 PM
Solutions to Oracle cannot be opened include: 1. Start the database service; 2. Start the listener; 3. Check port conflicts; 4. Set environment variables correctly; 5. Make sure the firewall or antivirus software does not block the connection; 6. Check whether the server is closed; 7. Use RMAN to recover corrupt files; 8. Check whether the TNS service name is correct; 9. Check network connection; 10. Reinstall Oracle software.
How to solve the problem of closing oracle cursor
Apr 11, 2025 pm 10:18 PM
The method to solve the Oracle cursor closure problem includes: explicitly closing the cursor using the CLOSE statement. Declare the cursor in the FOR UPDATE clause so that it automatically closes after the scope is ended. Declare the cursor in the USING clause so that it automatically closes when the associated PL/SQL variable is closed. Use exception handling to ensure that the cursor is closed in any exception situation. Use the connection pool to automatically close the cursor. Disable automatic submission and delay cursor closing.
How to create cursors in oracle loop
Apr 12, 2025 am 06:18 AM
In Oracle, the FOR LOOP loop can create cursors dynamically. The steps are: 1. Define the cursor type; 2. Create the loop; 3. Create the cursor dynamically; 4. Execute the cursor; 5. Close the cursor. Example: A cursor can be created cycle-by-circuit to display the names and salaries of the top 10 employees.
What steps are required to configure CentOS in HDFS
Apr 14, 2025 pm 06:42 PM
Building a Hadoop Distributed File System (HDFS) on a CentOS system requires multiple steps. This article provides a brief configuration guide. 1. Prepare to install JDK in the early stage: Install JavaDevelopmentKit (JDK) on all nodes, and the version must be compatible with Hadoop. The installation package can be downloaded from the Oracle official website. Environment variable configuration: Edit /etc/profile file, set Java and Hadoop environment variables, so that the system can find the installation path of JDK and Hadoop. 2. Security configuration: SSH password-free login to generate SSH key: Use the ssh-keygen command on each node
What to do if the oracle log is full
Apr 12, 2025 am 06:09 AM
When Oracle log files are full, the following solutions can be adopted: 1) Clean old log files; 2) Increase the log file size; 3) Increase the log file group; 4) Set up automatic log management; 5) Reinitialize the database. Before implementing any solution, it is recommended to back up the database to prevent data loss.
Oracle's Role in the Business World
Apr 23, 2025 am 12:01 AM
Oracle is not only a database company, but also a leader in cloud computing and ERP systems. 1. Oracle provides comprehensive solutions from database to cloud services and ERP systems. 2. OracleCloud challenges AWS and Azure, providing IaaS, PaaS and SaaS services. 3. Oracle's ERP systems such as E-BusinessSuite and FusionApplications help enterprises optimize operations.
How to stop oracle database
Apr 12, 2025 am 06:12 AM
To stop an Oracle database, perform the following steps: 1. Connect to the database; 2. Shutdown immediately; 3. Shutdown abort completely.
How to export oracle view
Apr 12, 2025 am 06:15 AM
Oracle views can be exported through the EXP utility: Log in to the Oracle database. Start the EXP utility, specifying the view name and export directory. Enter export parameters, including target mode, file format, and tablespace. Start exporting. Verify the export using the impdp utility.
