zoukankan      html  css  js  c++  java

  • Who is locking the DB account?

    Sometimes the database account is locket frequently. That is because someone was trying to login to the database with a wrong password.  So, you may want to find out the person and tell him/her to use a correct password. Below are the way to accomplish it.

    Before we start, you need to know you can enable audit to accomplish it. But audit may cause some performance issue, besides you need to reboot the database which is very inconvenient. So we will not use this way. We use trigger to do it.

    We are going to create a database trigger, this trigger will be fired when the invalid password error(1017) happen. After being fired it will record the corresponding information like username , host and so one. Below are the trigger body.

    1 CREATE OR REPLACE TRIGGER sys.logon_trigger
2 AFTER SERVERERROR ON DATABASE
3 BEGIN
4   IF (IS_SERVERERROR(1017)) THEN
5 INSERT INTO who_lck_account VALUES(SYS_CONTEXT(‘USERENV’, ‘AUTHENTICATED_IDENTITY’), SYS_CONTEXT(‘USERENV’, ‘HOST’),SYS_CONTEXT(‘USERENV’, ‘OS_USER’), SYS_CONTEXT(‘USERENV’, ‘IP_ADDRESS’),SYSDATE);
6 COMMIT;
7   END IF;
8 END;

    You may noticed that the trigger is using a table. So below are the DDL for that table.

    1 SQL> create table sys.who_lck_account
2   2  (
3   3  USERNAME VARCHAR2(30),
4   4  USERHOST VARCHAR2(128),
5   5  OSUSER VARCHAR2(28),
6   6  USERIP VARCHAR2(128),
7   7  TIMESTAMP DATE
8   8  );

    Ok. Try to login with a error password, you will find you a recorded in the table.

    For example, I login with scott and the wrong password.

        kramer[/export/home/oratop ] sqlplus scott/tig@c21upg10

    SQL*Plus: Release 10.2.0.3.0 – Production on Fri Mar 22 13:58:59 2013

    Copyright (c) 1982, 2006, Oracle.  All Rights Reserved.

    ERROR:
    ORA-01017: invalid username/password; logon denied

    Enter user-name: ^C

    Check the table who_lck_account.

        SQL> SELECT * FROM sys.who_lck_account;

    USERNAME   USERHOST             OSUSER               USERIP                       TIMESTAMP
    ———- ——————– ——————– —————————- —————————-
    scott      kramer             oratop               192.168.1.44                 2013-03-22 13:58:56
    scott      kramer             oratop               192.168.1.44                 2013-03-22 13:58:56
    scott      kramer             oratop               192.168.1.44                 2013-03-22 13:58:59
    scott      kramer             oratop               192.168.1.44                 2013-03-22 13:58:59
  • 相关阅读:
    Javascript异步与同步问题
    promise解决异步问题:.then和async_await的渊源
    vue 爬坑之路----移动端适配rem单位
    vue 爬坑之路---can't resolve 'sass-loader'
    vue-cli新建vue项目
    sublimeT3编译sass.为css到指定的路径。
    禁止滚动条滚动
    让本地的静态html页面在node上跑起来
    地址三联动,简明实现
    关于数组去重
  • 原文地址:https://www.cnblogs.com/kramer/p/2975872.html
Copyright © 2011-2022 走看看