Oracle數據庫密碼的延遲驗證方式

本篇內容主要講解“Oracle數據庫密碼的延遲驗證方式”，感興趣的朋友不妨來看看。本文介紹的方法操作簡單快捷，實用性強。下面就讓小編來帶大家學習“Oracle數據庫密碼的延遲驗證方式”吧!

密碼延遲驗證官方文檔說明：

Oracle? Database Security Guide 11g Release 1 (11.1)

Preventing passwords from being broken. If a user tries to log in to Oracle Database multiple times using an incorrect password, Oracle Database delays each login. This protection applies for attempts made from different IP addresses or multiple client connections. Afterwards, it gradually increases the time before the user can try another password, up to a maximum of about 10 seconds. If the user enters the correct password, he or she is able to log in successfully without any delay.

This feature significantly decreases the number of passwords that an intruder would be able to try within a fixed time period when attempting to log in. The failed logon delay slows down each failed logon attempt, increasing the overall time that is required to perform a password-guessing attack, because such attacks usually require a very large number of failed logon attempts.

密碼延遲驗證初衷是為了防止密碼在短時間內被暴力破解，隨著密碼輸入錯誤次數，延遲驗證時間會逐步增加一直到最大10s。

如果由于密碼延遲驗證導致了大量的無event的會話，或library cache lock，可以保證安全前提下，關閉密碼延遲驗證。

在不同版本可以通過如下設置關閉密碼延遲驗證：

11g：

# 在spfile中設置event：event = "28401 trace name context forever,level 1"
SQL> alter system set event="28401 trace name context forever,level 1" scope=spfile;
# 針對SYS用戶，可以看到在11g中該參數是針對sys用戶：
_sys_logon_delay      1     TRUE   failed logon delay for sys     
SQL> alter system set "_sys_logon_delay"=0 scope=spfile;

12c

# 可以看到12c中，該參數已經變更為控制數據庫實例，所以可以通過修改該參數關閉密碼延遲驗證
_sys_logon_delay    1   TRUE   The failed logon delay for the database instance

到此，相信大家對“Oracle數據庫密碼的延遲驗證方式”有了更深的了解，不妨來實際操作一番吧！這里是億速云網站，更多相關內容可以進入相關頻道進行查詢，關注我們，繼續學習！