zoukankan      html  css  js  c++  java
  • oracle 11g/12c 密码复杂度验证设置

    ###############################################################################

    ###### 11g ######

    ###############################################################################

    1、开启密码复杂度验证函数

    sqlplus / as sysdba

    @?/rdbms/admin/utlpwdmg.sql

    alter profile default limit password_life_time unlimited;

    ALTER PROFILE DEFAULT LIMIT FAILED_LOGIN_ATTEMPTS UNLIMITED;

    alter profile DEFAULT limit PASSWORD_LOCK_TIME UNLIMITED;

    alter profile DEFAULT limit PASSWORD_GRACE_TIME UNLIMITED;

    2、修改default profile的密码策略(实际上执行utlpwdmg.sql后自动修改PASSWORD_VERIFY_FUNCTION)

    alter profile default limit PASSWORD_VERIFY_FUNCTION VERIFY_FUNCTION;

    3、新建system profile

    create profile SYSTEM_PROFILE limit

    PASSWORD_LIFE_TIME 60

    PASSWORD_GRACE_TIME 90

    PASSWORD_REUSE_MAX 5

    PASSWORD_REUSE_TIME 60

    PASSWORD_VERIFY_FUNCTION VERIFY_FUNCTION;

    4、修改sys、system用户profile

    alter user sys profile SYSTEM_PROFILE;

    alter user system profile SYSTEM_PROFILE;

    5、验证

    set line 300

    col profile for a30

    col RESOURCE_NAME for a32

    col RESOURCE_TYPE for a13

    col LIMIT for a30

    col COMMON for a8

    SELECT * FROM dba_profiles order by profile;

    set line 300

    col username for a30

    col profile for a60

    SELECT username,PROFILE FROM dba_users order by created;

    ###############################################################################

    ###### 12c ######

    ###############################################################################

    1、开启密码复杂度验证函数(CDB和PDB都需要执行下面命令)

    sqlplus / as sysdba

    @?/rdbms/admin/utlpwdmg.sql

    alter profile default limit password_life_time unlimited;

    ALTER PROFILE DEFAULT LIMIT FAILED_LOGIN_ATTEMPTS UNLIMITED;

    alter profile DEFAULT limit PASSWORD_LOCK_TIME UNLIMITED;

    alter profile DEFAULT limit PASSWORD_GRACE_TIME UNLIMITED;

    2、修改default profile的密码策略(实际上执行utlpwdmg.sql后自动修改PASSWORD_VERIFY_FUNCTION)

    alter profile default limit PASSWORD_VERIFY_FUNCTION ora12c_verify_function;

    3、新建system profile(CDB执行)

    create profile C##_SYSTEM_PROFILE limit

    PASSWORD_LIFE_TIME 60

    PASSWORD_GRACE_TIME 90

    PASSWORD_REUSE_MAX 5

    PASSWORD_REUSE_TIME 60

    PASSWORD_VERIFY_FUNCTION ora12c_verify_function;

    4、修改sys、system用户profile(CDB执行)

    alter user sys profile C##_SYSTEM_PROFILE;

    alter user system profile C##_SYSTEM_PROFILE;

    5、验证(CDB和PDB都需要验证)

    set line 300

    col profile for a30

    col RESOURCE_NAME for a32

    col RESOURCE_TYPE for a13

    col LIMIT for a30

    col COMMON for a8

    SELECT * FROM dba_profiles where profile in ('DEFAULT','C##_SYSTEM_PROFILE') order by profile;

    set line 300

    col username for a30

    col profile for a60

    SELECT username,PROFILE FROM dba_users order by created;

    ora12c_verify_function:

    This function is the new 12c password verify function.

    It enforce a similar respectively slightly stronger password complexity as verify_function_11G.

    verify_function_11G just checked for DB_NAME or ORACLE with 1 to 100 attached. e.g. oracle1 or oracle83.

    With the new function DB_NAME or ORACLE may not be part of the password at all.

    The following is verified:

    Password at least 8 characters

    at least 1 letters

    at least 1 digits

    must not contain database name

    must not contain user name or reverse user name

    must not contain oracle

    must not be too simple like welcome1

    password must differ by at least 3 characters from the old password

    ora12c_strong_verify_function:

    This function is provided to give stronger password complexity.

    It considers recommendations of the Department of Defense Database (STIG) with the following limits.

    Password at least 9 characters

    at least 2 capital letters

    at least 2 small letters

    at least 2 digits

    at least 2 special characters

    password must differ by at least 4 characters from the old password

  • 相关阅读:
    备注下Windows可能会用到的运行命令
    SQL2008R2 收缩数据库问题
    转:SQL Server服务器名称与默认实例名不一致的修复方法
    mac下初始化eclipse的安卓开发ndk开发环境
    eclipse android ndk 提示Type 'JNIEnv' could not be resolved 等信息解决办法
    eclipse ndk 配置和简单开发demo
    ubuntu15.10运行android studio出错unable to run mksdcard sdk tool
    Pavilion M4-1016TX 加装固态硬盘(SSD)+UEFI+GPT安装WIN8.1
    package.json和package-lock.json的区别
    Vue生命周期中mounted和created的区别
  • 原文地址:https://www.cnblogs.com/kawashibara/p/9954512.html
Copyright © 2011-2022 走看看