【 密码 】 Oracle 用户密码系列
1.1 BLOG 文档结构图
1.2 前言部分
1.2.1 导读和注意事项
各位技术爱好者,看完本文后,你可以掌握如下的技能,也可以学到一些其它你所不知道的知识, ~O(∩_∩)O~ :
① 用户的 9 种状态含义 (重点)
② 如何解锁账户
③ 如何修改密码无效状态
④ 如何获取密码的密文,如何利用密文修改用户的密码 (重点)
⑤ 如何查询失败的登陆次数
⑥ 11g 密码大小写问题
⑦ 11g 密码延迟验证
⑧ 密码复杂性校验
Tips :
① 本文在 itpub ( http://blog.itpub.net/26736162 )、博客园 ( http://www.cnblogs.com/lhrbest ) 和微信公众号( xiaomaimiaolhr ) 上 有同步更新 。
② 文章中用到的所有代码 、 相关软件 、 相关资料 及本文的 pdf 版本都 请前往小麦苗的云盘下载 , 小麦苗的 云盘地址见: http://blog.itpub.net/26736162/viewspace-1624453/ 。
③ 若网页文章代码格式有错乱, 请 下载 pdf 格式的文档来 阅读 。
④ 在 本篇 BLOG 中 ,代码输出部分一般放在一行一列的表格中。
本文 若 有错误或不完善的地方请大家多多指正,您的批评指正是我写作的最大动力。
1.2.2 本文简介
客户的一个账户密码过期了,但是客户设置了永不过期,问到我为什么。我当时觉得设置了永不过期那肯定是生效的,只是这个部分的内容忘得差不多了,当时还想到可能是 resource_limit 这个参数没有设置为 TRUE 的缘故,后来查了官方文档才知道并不是这个原因。于是下决心把这部分的内容系统学习一下,自己总结的内容分享给大家。
1.3 使用 profile 管理用户口令
Oracle 用户的状态是由密码来决定的,而 Oracle 中的密码是由 PROFILE 来配置的。 PROFILE 是口令限制 、 资源限制的命令集合 。 当建立数据库 时 , Oracle 会自动建立名称为 DEFAULT 的 PROFILE 。当 创建 用户 而 没有指定 PROFILE 选项 时 , Oracle 就会将 DEFAULT 分配给用户。
通过如下的命令可以查出与密码相关的 PROFILE 的值:
SELECT *
FROM DBA_PROFILES D
WHERE D.PROFILE = 'DEFAULT'
AND ( D.RESOURCE_NAME LIKE '%PASSWORD%' OR
D.RESOURCE_NAME = 'FAILED_LOGIN_ATTEMPTS' );
每个参数的含义如下所示:
l FAILED_LOGIN_ATTEMPTS 设定登录到 Oracle 数据库时可以失败的次数。一旦某用户尝试登录数据库的达到该值时,该用户的帐户就被锁定,只能由 DBA 能解锁。
l PASSWORD_LIFE_TIME 设定口令的有效时间(天数),一旦超过这一时间,必须重新设口令。缺省为 UNLIMITED 。
l PASSWORD_REUSE_TIME 许多系统不许用户重新启用过去用过的口令。该资源项设定了一个失效口令要经过多少天,用户才可以重新使用该口令,缺省为 UNLIMITED 。
l PASSWORD_REUSE_MAX 重新启用一个先前用过的口令前必须对该口令进行重新设置的次数(重复用的次数)。
l PASSWORD_LOCK_TIME 设定帐户被锁定的天数(当登录失败达到 FAILED_LOGIN_ATTEMPTS 时)。
l PASSWORD_GRACE_TIME 设定在口令失效前,给予的重新设该口令的宽限天。当口令失效之后回,在登录时会出现警告信息显示该天数。如果没有在宽限天内修改口令,口令将失效。
l PASSWORD_VERITY_FUNCTION 该资源项允许调用一个 PL/SQL 来验证口令。 Oracle 已提供该应用的脚本,为 $ORACLE_HOME/rdbms/admin/utlpwdmg.sql 。但是,用户可以制定自己的验证脚本。该参数的设定就是 PL/SQL 函数的名称,缺省为 NULL 。
1.3.1 修改密码为永不过期
|
SYS@lhrdb> select username, account_status,EXPIRY_DATE,profile from dba_users where username = 'LHRSYS';
USERNAM ACCOUNT_STATUS EXPIRY_DATE PROFILE ------- ------------------------------- ------------------- ------------------------------ LHRSYS OPEN 2016-12-07 15:20:36 TESTPROFILE
SYS@lhrdb> alter user lhrsys password expire;
User altered.
SYS@lhrdb> select username, account_status,EXPIRY_DATE,profile from dba_users where username = 'LHRSYS';
USERNAM ACCOUNT_STATUS EXPIRY_DATE PROFILE ------- ------------------------------- ------------------- ------------------------------ LHRSYS EXPIRED 2016-12-02 16:36:24 TESTPROFILE
SYS@lhrdb> ALTER PROFILE TESTPROFILE LIMIT PASSWORD_LIFE_TIME UNLIMITED;
Profile altered.
SYS@lhrdb> select username, account_status,EXPIRY_DATE,profile from dba_users where username = 'LHRSYS';
USERNAM ACCOUNT_STATUS EXPIRY_DATE PROFILE ------- ------------------------------- ------------------- ------------------------------ LHRSYS EXPIRED 2016-12-02 16:36:24 TESTPROFILE
SYS@lhrdb> SELECT NB.PASSWORD FROM USER$ NB WHERE NB.NAME ='LHRSYS';
PASSWORD ------------------------------ F809740420A44EFC
SYS@lhrdb> ALTER USER LHRSYS IDENTIFIED BY VALUES 'F809740420A44EFC';
User altered.
SYS@lhrdb> select username, account_status,EXPIRY_DATE,profile from dba_users where username = 'LHRSYS';
USERNAM ACCOUNT_STATUS EXPIRY_DATE PROFILE ------- ------------------------------- ------------ ------- ------------------------------ LHRSYS OPEN TESTPROFILE
SYS@lhrdb>
|
1.3.2 ACCOUNT_STATUS 的九种状态
| SYS@lhrdb> SELECT * FROM USER_ASTATUS_MAP;
STATUS# STATUS ---------- -------------------------------- 0 OPEN 1 EXPIRED 2 EXPIRED(GRACE) 4 LOCKED(TIMED) 8 LOCKED 5 EXPIRED & LOCKED(TIMED) 6 EXPIRED(GRACE) & LOCKED(TIMED) 9 EXPIRED & LOCKED 10 EXPIRED(GRACE) & LOCKED
9 rows selected.
|
以上九种可以分为两大类: 1. 基本状态; 2. 组合状态。
前五种是基本状态:
0 OPEN
1 EXPIRED
2 EXPIRED(GRACE)
4 LOCKED(TIMED)
8 LOCKED
后四种是组合状态:
5 EXPIRED & LOCKED(TIMED)
6 EXPIRED(GRACE) & LOCKED(TIMED)
9 EXPIRED & LOCKED
10 EXPIRED(GRACE) & LOCKED
规律是这样的:后四种的组合状态可以通过状态号 STATUS# 获得它是哪两种状态的组合,例如 10=2+8 ( 10 EXPIRED(GRACE) & LOCKED = 2 EXPIRED(GRACE) + 8 LOCKED )。因此只要了解基本状态的含义其他便可无师自通。
这五种基本状态又可以分为三类: 1. 正常状态; 2. 锁定状态; 3. 密码过期状态。
1 ) OPEN 表示用户处于正常状态。
2 )用户被锁定状态, LOCKED 和 LOCKED(TIMED) 两种状态都属于锁定状态
用户被锁定一般分为两种:一种是 DBA 显式的通过 SQL 语句对用户进行锁定;另外一种是被动的锁定,例如默认情况下如果密码输入错误超过 10 次(这个限制是由 PROFILE 中的 FAILED_LOGIN_ATTEMPTS 控制的,该信息可以通过 DBA_PROFILES 视图查询),用户将被锁定。
1.3.2.1 锁定状态
一、 LOCKED显式锁定 LHRSYS 用户 LOCKED 状态演示
SELECT D.USERNAME ,
D.ACCOUNT_STATUS ,
D.LOCK_DATE ,
D.EXPIRY_DATE ,
D.PROFILE ,
NVL ( D.PASSWORD ,
( SELECT NB.PASSWORD FROM USER$ NB WHERE NB.NAME = D.USERNAME )) PASSWORD
FROM DBA_USERS D
WHERE D.USERNAME = 'LHRSYS' ;
| SYS@lhrdb> ALTER USER LHRSYS ACCOUNT LOCK;
User altered.
SYS@lhrdb> conn lhrsys/lhr ERROR: ORA-28000: the account is locked
Warning: You are no longer connected to ORACLE. @> conn / as sysdba Connected.
SYS@lhrdb> select username, account_status,d.lock_date from dba_users d where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS LOCK_DATE ------------------------------ -------------------------------- ------------------- LHRSYS LOCKED 2016-12-02 09:33:50
SYS@lhrdb> ALTER USER LHRSYS ACCOUNT UNLOCK;
User altered.
SYS@lhrdb> select username, account_status,d.lock_date from dba_users d where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS LOCK_DATE ------------------------------ -------------------------------- ------------------- LHRSYS OPEN
|
二、 LOCKED(TIMED)
输入 10 次错误密码后被动锁定 LOCKED(TIMED) 状态演示
尝试输入 10 次错误密码后再次查询用户状态。
| SYS@lhrdb> SELECT * FROM Dba_Profiles d WHERE d.profile='DEFAULT' AND D.resource_name LIKE '%FAILED_LOGIN_ATTEMPTS%' ;
PROFILE RESOURCE_NAME RESOURCE LIMIT ------------------------------ -------------------------------- -------- ------------------------------- DEFAULT FAILED_LOGIN_ATTEMPTS PASSWORD 10
SYS@lhrdb> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-01017: invalid username/password; logon denied
Warning: You are no longer connected to ORACLE. @> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-01017: invalid username/password; logon denied
@> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-01017: invalid username/password; logon denied
@> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-01017: invalid username/password; logon denied
@> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-01017: invalid username/password; logon denied
@> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-01017: invalid username/password; logon denied
@> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-01017: invalid username/password; logon denied
@> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-01017: invalid username/password; logon denied
@> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-01017: invalid username/password; logon denied
@> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-01017: invalid username/password; logon denied
@> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-28000: the account is locked <<<<<<<<<------ 超过10 次后用户被锁定
@> CONN / AS SYSDBA Connected.
SYS@lhrdb> select username, account_status,d.lock_date from dba_users d where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS LOCK_DATE ------------------------------ -------------------------------- ------------------- LHRSYS LOCKED(TIMED) 2016-12-02 09:37:20 SYS@lhrdb> SYS@lhrdb>
SYS@lhrdb> ALTER USER LHRSYS ACCOUNT UNLOCK;
User altered.
SYS@lhrdb> select username, account_status,d.lock_date from dba_users d where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS LOCK_DATE ------------------------------ -------------------------------- ------------------- LHRSYS OPEN
|
1.3.2.2 过期状态
用户密码过期状态, EXPIRED 和 EXPIRED(GRACE) 两种状态都属于密码过期状态 。
密码是否过期是通过修改 PROFILE 中的 PASSWORD_LIFE_TIME 实现的,密码过期后还可以使用的天数是通过 PROFILE 中的 PASSWORD_GRACE_TIME 控制的。
关于密码过期我们也可以使用 SQL 显式的去完成,简单演示一下。
| SYS@lhrdb> select username, account_status,EXPIRY_DATE from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS EXPIRY_DATE ------------------------------ -------------------------------- ------------------- LHRSYS OPEN
SYS@lhrdb> alter user lhrsys password expire;
User altered.
SYS@lhrdb> select username, account_status,EXPIRY_DATE from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS EXPIRY_DATE ------------------------------ -------------------------------- ------------------- LHRSYS EXPIRED 2016-12-01 16:29:01
SYS@lhrdb> conn lhrsys/lhr ERROR: ORA-28001: the password has expired
Changing password for lhrsys New password: Retype new password: Password changed Connected.
LHRSYS@lhrdb> conn / as sysdba Connected. SYS@lhrdb> select username, account_status,EXPIRY_DATE from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS EXPIRY_DATE ------------------------------ -------------------------------- ------------------- LHRSYS OPEN
|
下面通过修改系统的日期来演示:
| SYS@lhrdb> SELECT D.USERNAME, 2 D.ACCOUNT_STATUS, 3 D.LOCK_DATE, 4 D.EXPIRY_DATE, 5 D.PROFILE, 6 NVL(D.PASSWORD, 7 (SELECT NB.PASSWORD FROM USER$ NB WHERE NB.NAME = D.USERNAME)) PASSWORD 8 FROM DBA_USERS D 9 WHERE D.USERNAME = 'LHRSYS';
USERNAME ACCOUNT_STATUS LOCK_DATE EXPIRY_DATE PROFILE PASSWORD ------------------------------ -------------------------------- ------------------- ------------------- ------------------------------ ------------------------------ LHRSYS OPEN DEFAULT F809740420A44EFC
SYS@lhrdb> create profile TESTPROFILE LIMIT password_life_time 5 password_grace_time 0; <<<<<<<<<------ 这里将password_grace_time 设置为 0
Profile created.
SYS@lhrdb> alter user LHRSYS profile TESTPROFILE;
User altered.
SYS@lhrdb> select username,account_status,profile,EXPIRY_DATE from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS PROFILE EXPIRY_DATE ------------------------------ -------------------------------- ------------------------------ ------------------- LHRSYS OPEN TESTPROFILE 2016-12-07 14:50:36
-- 修改系统时间 [root@orcltest ~]# date '12071450' Wed Dec 7 14:50:00 CST 2016 [root@orcltest ~]# 系统查询: SYS@lhrdb> select sysdate from dual;
SYSDATE ------------------- 2016-12-07 14:50:19
SYS@lhrdb> conn LHRSYS/lhr Connected. LHRSYS@lhrdb> conn LHRSYS/lhr ERROR: ORA-28001: the password has expired
Changing password for LHRSYS New password: Password unchanged Warning: You are no longer connected to ORACLE.
@> conn / as sysdba Connected. SYS@lhrdb> select username,account_status,profile,EXPIRY_DATE from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS PROFILE EXPIRY_DATE ------------------------------ -------------------------------- ------------------------------ ------------------- LHRSYS EXPIRED TESTPROFILE 2016-12-12 10:36:06
SYS@lhrdb> alter user LHRSYS identified by lhr;
User altered.
SYS@lhrdb> select username,account_status,profile,EXPIRY_DATE from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS PROFILE EXPIRY_DATE ------------------------------ -------------------------------- ------------------------------ ------------------- LHRSYS OPEN TESTPROFILE 2016-12-12 14:52:54
|
二、 EXPIRED(GRACE)
当设置了 PASSWORD_GRACE_TIME 以后,第一次成功登录后到口令到期后有多少天时间可改变口令,在这段时间内,帐户被提醒修改口令并可以正常登陆, account_status 显示为 EXPIRED(GRACE) 。 expired(grace) 与 locked(timed) 是 由 系统的 profile 来进行控制的。
| SYS@lhrdb> select username,account_status,profile,EXPIRY_DATE from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS PROFILE EXPIRY_DATE ------------------------------ -------------------------------- ------------------------------ ------------------- LHRSYS OPEN TESTPROFILE 2016-12-07 14:09:09
SYS@lhrdb> select sysdate from dual;
SYSDATE ------------------- 2016-12-02 14:09:32
SYS@lhrdb> ALTER PROFILE TESTPROFILE LIMIT password_grace_time 3;
Profile altered.
SYS@lhrdb> SELECT * 2 FROM DBA_PROFILES D 3 WHERE D.PROFILE = 'TESTPROFILE' 4 AND (D.RESOURCE_NAME LIKE '%PASSWORD%' OR 5 D.RESOURCE_NAME = 'FAILED_LOGIN_ATTEMPTS');
PROFILE RESOURCE_NAME RESOURCE LIMIT ------------------------------ -------------------------------- -------- ---------------------------------------- TESTPROFILE FAILED_LOGIN_ATTEMPTS PASSWORD DEFAULT TESTPROFILE PASSWORD_LIFE_TIME PASSWORD 5 TESTPROFILE PASSWORD_REUSE_TIME PASSWORD DEFAULT TESTPROFILE PASSWORD_REUSE_MAX PASSWORD DEFAULT TESTPROFILE PASSWORD_VERIFY_FUNCTION PASSWORD DEFAULT TESTPROFILE PASSWORD_LOCK_TIME PASSWORD DEFAULT TESTPROFILE PASSWORD_GRACE_TIME PASSWORD 3
7 rows selected.
SYS@lhrdb>
-- 修改系统时间 [root@orcltest ~]# date '12071408' <<<<<<<<<------ 14:09 过期,我们设置到 14:08 分 Wed Dec 7 14:08:00 CST 2016 [root@orcltest ~]#
系统查询: LHRSYS@lhrdb> select sysdate from dual;
SYSDATE ------------------- 2016-12-07 14:08:03
LHRSYS@lhrdb> conn lhrsys/lhr Connected.
LHRSYS@lhrdb> select sysdate from dual;
SYSDATE ------------------- 2016-12-07 14:09:06
LHRSYS@lhrdb> select sysdate from dual;
SYSDATE ------------------- 2016-12-07 14:09:09
LHRSYS@lhrdb> select sysdate from dual;
SYSDATE ------------------- 2016-12-07 14:09:11 <<<<<<<<<------ 已过了密码有效期
LHRSYS@lhrdb> select username,account_status,profile,EXPIRY_DATE from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS PROFILE EXPIRY_DATE ------------------------------ -------------------------------- ------------------------------ ------------------- LHRSYS OPEN TESTPROFILE 2016-12-07 14:09:09 <<<<<<<<<------ 但该用户的状态未改变,下面尝试第一次登陆
LHRSYS@lhrdb> conn lhrsys/lhr ERROR: ORA-28002: the password will expire within 3 days <<<<<<<<<------ 第一次登陆后报错,但用户依然可以登陆,且EXPIRY_DATE 已经变化
Connected. LHRSYS@lhrdb> select username,account_status,profile,EXPIRY_DATE from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS PROFILE EXPIRY_DATE ------------------------------ -------------------------------- ------------------------------ ------------------- LHRSYS EXPIRED(GRACE) TESTPROFILE 2016-12-10 14:09:34 <<<<<<<<<------ 再次查询状态,变为了 EXPIRED(GRACE)
再次调整日期: [root@orcltest ~]# date '12081430' Thu Dec 8 14:30:00 CST 2016
LHRSYS@lhrdb> LHRSYS@lhrdb> select sysdate from dual;
SYSDATE ------------------- 2016-12-08 14:30:12
LHRSYS@lhrdb> conn lhrsys/lhr ERROR: ORA-28002: the password will expire within 2 days <<<<<<<<<------ 变为了2 天
Connected. LHRSYS@lhrdb> 继续更改日期: [root@orcltest ~]# date '12101409' Sat Dec 10 14:09:00 CST 2016 [root@orcltest ~]# 查询: LHRSYS@lhrdb> select sysdate from dual;
SYSDATE ------------------- 2016-12-10 14:09:07
LHRSYS@lhrdb> conn lhrsys/lhr ERROR: ORA-28002: the password will expire within 0 days <<<<<<<<<------ 变为了0 天
Connected.
LHRSYS@lhrdb> select username,account_status,profile,EXPIRY_DATE from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS PROFILE EXPIRY_DATE ------------------------------ -------------------------------- ------------------------------ ------------------- LHRSYS EXPIRED(GRACE) TESTPROFILE 2016-12-10 14:09:34
LHRSYS@lhrdb> select sysdate from dual;
SYSDATE ------------------- 2016-12-10 14:09:39 <<<<<<<<<------ GRACE 日期已过
LHRSYS@lhrdb> conn lhrsys/lhr ERROR: ORA-28001: the password has expired
Changing password for lhrsys New password: Password unchanged Warning: You are no longer connected to ORACLE.
@> conn / as sysdba Connected. SYS@lhrdb> SYS@lhrdb> select username,account_status,profile,EXPIRY_DATE from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS PROFILE EXPIRY_DATE ------------------------------ -------------------------------- ------------------------------ ------------------- LHRSYS EXPIRED TESTPROFILE 2016-12-10 14:09:34
SYS@lhrdb> alter user LHRSYS identified by lhr;
User altered.
SYS@lhrdb> select username,account_status,profile,EXPIRY_DATE from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS PROFILE EXPIRY_DATE ------------------------------ -------------------------------- ------------------------------ ------------------- LHRSYS OPEN TESTPROFILE 2016-12-15 14:13:08
SYS@lhrdb>
|
1.3.2.3 组合状态
关于四种组合状态的解释
因为锁定的两种状态( LOCKED 和 LOCKED(TIMED) )和密码过期的两种状态( EXPIRED 和 EXPIRED(GRACE) )之间没有关系。因此他们之间可以任意组合, 2×2=4 ,因此有四种组合状态:
5 EXPIRED & LOCKED(TIMED)
6 EXPIRED(GRACE) & LOCKED(TIMED)
9 EXPIRED & LOCKED
10 EXPIRED(GRACE) & LOCKED
一、 EXPIRED & LOCKED
EXPIRED & LOCKED 状态表示用户 密码过期且 同时处于锁定状态
| SYS@lhrdb> select username,account_status,EXPIRY_DATE,lock_date from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS EXPIRY_DATE LOCK_DATE ------------------------------ -------------------------------- ------------------- ------------------- LHRSYS OPEN 2016-12-07 15:02:56 SYS@lhrdb> SYS@lhrdb> alter user lhrsys password expire;
User altered.
SYS@lhrdb> select username,account_status,EXPIRY_DATE,lock_date from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS EXPIRY_DATE LOCK_DATE ------------------------------ -------------------------------- ------------------- ------------------- LHRSYS EXPIRED 2016-12-02 15:11:12
SYS@lhrdb> alter user lhrsys account lock;
User altered.
SYS@lhrdb> select username, account_status,EXPIRY_DATE from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS EXPIRY_DATE ------------------------------ -------------------------------- ------------------- LHRSYS EXPIRED & LOCKED 2016-12-01 16:51:38
SYS@lhrdb> alter user lhrsys account unlock;
User altered.
SYS@lhrdb> select username, account_status,EXPIRY_DATE from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS EXPIRY_DATE ------------------------------ -------------------------------- ------------------- LHRSYS EXPIRED 2016-12-01 16:51:38
SYS@lhrdb> alter user lhrsys identified by lhr;
User altered.
SYS@lhrdb> select username, account_status,EXPIRY_DATE from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS EXPIRY_DATE ------------------------------ -------------------------------- ------------------- LHRSYS OPEN
|
二、 EXPIRED & LOCKED(TIMED)
EXPIRED & LOCKED(TIMED) 状态表示用户 密码 过期后,错误密码尝试次数超过 PROFILE 中的 FAILED_LOGIN_ATTEMPTS 的限制
|
SYS@lhrdb> select username, account_status,EXPIRY_DATE,lock_date from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS EXPIRY_DATE LOCK_DATE ------------------------------ -------------------------------- ------------------- ------------------- LHRSYS OPEN
SYS@lhrdb> alter user lhrsys password expire;
User altered.
SYS@lhrdb> select username, account_status,EXPIRY_DATE from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS EXPIRY_DATE ------------------------------ -------------------------------- ------------------- LHRSYS EXPIRED 2016-12-02 10:07:27
SYS@lhrdb> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-01017: invalid username/password; logon denied
Warning: You are no longer connected to ORACLE. @> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-01017: invalid username/password; logon denied
@> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-01017: invalid username/password; logon denied
@> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-01017: invalid username/password; logon denied
@> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-01017: invalid username/password; logon denied
@> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-01017: invalid username/password; logon denied
@> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-01017: invalid username/password; logon denied
@> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-01017: invalid username/password; logon denied
@> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-01017: invalid username/password; logon denied
@> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-01017: invalid username/password; logon denied
@> conn / as sysdba Connected.
SYS@lhrdb> select username, account_status,EXPIRY_DATE,lock_date from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS EXPIRY_DATE LOCK_DATE ------------------------------ -------------------------------- ------------------- ------------------- LHRSYS EXPIRED & LOCKED(TIMED) 2016-12-02 10:07:27 2016-12-02 10:09:03
SYS@lhrdb> SYS@lhrdb> alter user lhrsys account unlock;
User altered.
SYS@lhrdb> select username, account_status,EXPIRY_DATE,lock_date from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS EXPIRY_DATE LOCK_DATE ------------------------------ -------------------------------- ------------------- ------------------- LHRSYS EXPIRED 2016-12-02 10:07:27
SYS@lhrdb> alter user lhrsys identified by lhr;
User altered.
SYS@lhrdb> select username, account_status,EXPIRY_DATE,lock_date from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS EXPIRY_DATE LOCK_DATE ------------------------------ -------------------------------- ------------------- ------------------- LHRSYS OPEN
SYS@lhrdb>
|
三、 EXPIRED(GRACE) & LOCKED
EXPIRED(GRACE) & LOCKED 状态表示用户在密码过期后的有效期内被 DBA 手工锁定。
| LHRSYS@lhrdb> select username,account_status,profile,EXPIRY_DATE from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS PROFILE EXPIRY_DATE ------------------------------ -------------------------------- ------------------------------ ------------------- LHRSYS OPEN TESTPROFILE 2016-12-07 14:39:20
LHRSYS@lhrdb> select sysdate from dual;
SYSDATE ------------------- 2016-12-07 14:39:17
LHRSYS@lhrdb> select sysdate from dual;
SYSDATE ------------------- 2016-12-07 14:39:25
LHRSYS@lhrdb> select username,account_status,profile,EXPIRY_DATE from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS PROFILE EXPIRY_DATE ------------------------------ -------------------------------- ------------------------------ ------------------- LHRSYS OPEN TESTPROFILE 2016-12-07 14:39:20
LHRSYS@lhrdb> conn lhrsys/lhr ERROR: ORA-28002: the password will expire within 3 days
Connected. LHRSYS@lhrdb> select username,account_status,profile,EXPIRY_DATE from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS PROFILE EXPIRY_DATE ------------------------------ -------------------------------- ------------------------------ ------------------- LHRSYS EXPIRED(GRACE) TESTPROFILE 2016-12-10 14:39:54
LHRSYS@lhrdb> alter user lhrsys account lock;
User altered.
SYS@lhrdb> select username,account_status,EXPIRY_DATE,lock_date from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS EXPIRY_DATE LOCK_DATE ------------------------------ -------------------------------- ------------------- ------------------- LHRSYS EXPIRED(GRACE) & LOCKED 2016-12-10 14:39:54 2016-12-07 14: 40 :20
LHRSYS@lhrdb> alter user lhrsys account unlock;
User altered.
LHRSYS@lhrdb> select username,account_status,profile,EXPIRY_DATE from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS PROFILE EXPIRY_DATE ------------------------------ -------------------------------- ------------------------------ ------------------- LHRSYS EXPIRED(GRACE) TESTPROFILE 2016-12-10 14:39:54
LHRSYS@lhrdb> alter user LHRSYS identified by lhr;
User altered.
LHRSYS@lhrdb> select username,account_status,profile,EXPIRY_DATE from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS PROFILE EXPIRY_DATE ------------------------------ -------------------------------- ------------------------------ ------------------- LHRSYS OPEN TESTPROFILE 2016-12-12 14:40:46
LHRSYS@lhrdb> |
四、 EXPIRED(GRACE) & LOCKED(TIMED)
EXPIRED(GRACE) & LOCKED(TIMED) 状态表示用户在密码过期后的有效期内, 失败 登录次数超过 PROFILE 中的 FAILED_LOGIN_ATTEMPTS 的限制 。
| SYS@lhrdb> select username,account_status,EXPIRY_DATE,lock_date from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS EXPIRY_DATE LOCK_DATE ------------------------------ -------------------------------- ------------------- ------------------- LHRSYS OPEN 2016-12-07 14:50:06
LHRSYS@lhrdb> select sysdate from dual;
SYSDATE ------------------- 2016-12-02 14:50:13
修改系统日期: [root@orcltest ~]# date '12071450' Wed Dec 7 14:50:00 CST 2016 [root@orcltest ~]# 查询: LHRSYS@lhrdb> select sysdate from dual;
SYSDATE ------------------- 2016-12-07 14:50:03
LHRSYS@lhrdb> select sysdate from dual;
SYSDATE ------------------- 2016-12-07 14:50:12
SYS@lhrdb> select username,account_status,EXPIRY_DATE,lock_date from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS EXPIRY_DATE LOCK_DATE ------------------------------ -------------------------------- ------------------- ------------------- LHRSYS OPEN 2016-12-07 14:50:06
LHRSYS@lhrdb> conn lhrsys/lhr ERROR: ORA-28002: the password will expire within 3 days
Connected. SYS@lhrdb> select username,account_status,EXPIRY_DATE,lock_date from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS EXPIRY_DATE LOCK_DATE ------------------------------ -------------------------------- ------------------- ------------------- LHRSYS EXPIRED(GRACE) 2016-12-10 14:50:21
LHRSYS@lhrdb> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-01017: invalid username/password; logon denied
Warning: You are no longer connected to ORACLE. @> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-01017: invalid username/password; logon denied
@> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-01017: invalid username/password; logon denied
@> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-01017: invalid username/password; logon denied
@> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-01017: invalid username/password; logon denied
@> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-01017: invalid username/password; logon denied
@> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-01017: invalid username/password; logon denied
@> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-01017: invalid username/password; logon denied
@> CONN LHRSYS/XXXX@192.168.59.129/lhrdb
ERROR: ORA-01017: invalid username/password; logon denied
@> @> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-01017: invalid username/password; logon denied
@> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-28000: the account is locked
@> conn / as sysdba Connected. SYS@lhrdb> select username,account_status,EXPIRY_DATE,lock_date from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS EXPIRY_DATE LOCK_DATE ------------------------------ -------------------------------- ------------------- ------------------- LHRSYS EXPIRED(GRACE) & LOCKED(TIMED) 2016-12-10 14:50:21 2016-12- 07 14:5 3 : 30
SYS@lhrdb> alter user lhrsys account unlock;
User altered.
SYS@lhrdb> select username,account_status,profile,EXPIRY_DATE from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS PROFILE EXPIRY_DATE ------------------------------ -------------------------------- ------------------------------ ------------------- LHRSYS EXPIRED(GRACE) TESTPROFILE 2016-12-10 14:50:21
SYS@lhrdb> alter user LHRSYS identified by lhr;
User altered.
SYS@lhrdb> select username,account_status,profile,EXPIRY_DATE from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS PROFILE EXPIRY_DATE ------------------------------ -------------------------------- ------------------------------ ------------------- LHRSYS OPEN TESTPROFILE 2016-12-1 2 14:5 5 :04
|
1.3.3 在不知道用户密码的情况下如何更改密码
在 O racle 中 , 若用户的密码变为锁定状态( LOCKED 、 LOCKED(TIMED) )则 DBA 直接执行 ALTER USER 用户名 ACCOUNT UNLOCK 就可以 解锁了。 但是 , 如果 用户的状态 变成 过期 状态 ( EXPIRED 、 EXPIRED(GRACE) ), 则 DBA 必须要更改 用户的 密码账户才能重新使用 。 但有些时候 , 因为各种原因并不知道原密码的明文是什么 , 这时候 可以有如下 2 种办法来更新密码。
1.3.3.1 用原密码的密文来更改密码
在 Oracle 10g 中, DBA_USERS 视图的 PASSWORD 字段提供了密码的密文形式,而在 Oracle 11g 中,该字段被弃用了,内容为空,但是在基表 USER$ 中的 PASSWORD 字段依然有记录密文形式,所以可以通过如下的形式来获取密码的密文形式:
SELECT D.USERNAME ,
D.ACCOUNT_STATUS ,
D.LOCK_DATE ,
D.EXPIRY_DATE ,
D.PROFILE ,
NVL ( D.PASSWORD ,
( SELECT NB.PASSWORD FROM USER$ NB WHERE NB.NAME = D.USERNAME )) PASSWORD
FROM DBA_USERS D
WHERE D.USERNAME = 'LHRSYS' ;
另外,可以通过 DBMS_METADATA.GET_DDL 包或者 expdp 、 exp 命令来获取创建用户的语句从而获取密码的密文形式:
| SYS@lhrdb> set long 9999 SYS@lhrdb> SELECT DBMS_METADATA.GET_DDL('USER', 'LHRSYS') DDL_SQL FROM DUAL;
DDL_SQL --------------------------------------------------------------------------------
CREATE USER "LHRSYS" IDENTIFIED BY VALUES 'S:853EA80BAE11F79D6946453F38059E30313FE84C96AE2EE4F3AA35A648BD; F809740420A44EFC ' DEFAULT TABLESPACE "USERS" TEMPORARY TABLESPACE "TEMP"
SYS@lhrdb> SYS@lhrdb>
|
获取了密码的密文后就可以用如下的命令来修改了,注意:使用密文的命令中多了一个 values 关键字:
| SYS@lhrdb> SYS@lhrdb> alter user LHRSYS identified by values 'F809740420A44EFC';
User altered.
SYS@lhrdb> CONN LHRSYS/lhr@192.168.59.129/lhrdb Connected. LHRSYS@192.168.59.129/lhrdb> conn / as sysdba Connected. SYS@lhrdb> alter user LHRSYS identified by values 'S:853EA80BAE11F79D6946453F38059E30313FE84C96AE2EE4F3AA35A648BD;F809740420A44EFC';
User altered.
SYS@lhrdb> CONN LHRSYS/lhr@192.168.59.129/lhrdb Connected. LHRSYS@192.168.59.129/lhrdb>
|
这种情况下 , 虽然我们不知道原密码是什么 , 但可以用它的密文来更改密码 , 这样 , 在不知道原密码的情况下 , 既保持了密码不改变 , 又可以把 expired 的状态更改掉 。
在 MOS The Impact of PASSWORD_LIFE_TIME Database Profile Parameter Default to 180 Days on Network Charging and Control ( 文档 ID 1543668.1) 中搜到了如下的命令也可以直接获取密码:
SELECT SQLTEXT
FROM ( SELECT NAME ,
'alter user ' || NAME || ' identified by values ''' ||
PASSWORD || ''';' SQLTEXT
FROM USER$
WHERE SPARE4 IS NULL
AND PASSWORD IS NOT NULL
UNION
SELECT NAME ,
'alter user ' || NAME || ' identified by values ''' || SPARE4 || ';' ||
PASSWORD || ''';' SQLTEXT
FROM USER$
WHERE SPARE4 IS NOT NULL
AND PASSWORD IS NOT NULL )
WHERE NAME = 'LHRSYS' ;
| SYS@lhrdb> SELECT SQLTEXT 2 FROM (SELECT NAME, 3 'alter user ' || NAME || ' identified by values ''' || 4 PASSWORD || ''';' SQLTEXT 5 FROM USER$ 6 WHERE SPARE4 IS NULL 7 AND PASSWORD IS NOT NULL 8 UNION 9 SELECT NAME, 10 'alter user ' || NAME || ' identified by values ''' || SPARE4 || ';' || 11 PASSWORD || ''';' SQLTEXT 12 FROM USER$ 13 WHERE SPARE4 IS NOT NULL 14 AND PASSWORD IS NOT NULL) 15 WHERE NAME = 'LHRSYS';
SQLTEXT ------------------------------------------ alter user LHRSYS identified by values 'S:853EA80BAE11F79D6946453F38059E30313FE84C96AE2EE4F3AA35A648BD;F809740420A44EFC';
|
1.3.3.2 直接更新 USER$ 基表
不管用户的状态是什么,通过更新 USER$ 表可以让用户处于 OPEN 状态:
| SYS@lhrdb> select username, account_status,EXPIRY_DATE,lock_date from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS EXPIRY_DATE LOCK_DATE ------------------------------ -------------------------------- ------------------- ------------------- LHRSYS EXPIRED 2016-12-02 10:40:09
SYS@lhrdb> UPDATE USER$ SET ASTATUS=0 WHERE NAME='LHRSYS';
1 row updated.
SYS@lhrdb> commit; <<<<<<<<<------ 及时提交
Commit complete.
SYS@lhrdb> select username, account_status,EXPIRY_DATE,lock_date from dba_users where username = 'LHRSYS';
USERNAME ACCOUNT_STATUS EXPIRY_DATE LOCK_DATE ------------------------------ -------------------------------- ------------------- ------------------- LHRSYS OPEN
SYS@lhrdb>
|
1.3.4 user$.lCOUNT 列记录了失败的登陆次数
登录失败, lcount 加 1 ;只要成功登录后, lcount 栏位就会置 0 。
| SYS@lhrdb> select NAME,LCOUNT from user$ a WHERE a.NAME='LHRSYS';
NAME LCOUNT ------------------------------ ---------- LHRSYS 0
SYS@lhrdb> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-01017: invalid username/password; logon denied
Warning: You are no longer connected to ORACLE. @> CONN LHRSYS/XXXX@192.168.59.129/lhrdb ERROR: ORA-01017: invalid username/password; logon denied
@> conn / as sysdba Connected. SYS@lhrdb> select NAME,LCOUNT from user$ a WHERE a.NAME='LHRSYS';
NAME LCOUNT ------------------------------ ---------- LHRSYS 2
SYS@lhrdb> SYS@lhrdb> CONN LHRSYS/lhr Connected. LHRSYS@lhrdb> conn / as sysdba Connected. SYS@lhrdb> select NAME,LCOUNT from user$ a WHERE a.NAME='LHRSYS';
NAME LCOUNT ------------------------------ ---------- LHRSYS 0
SYS@lhrdb>
|
另外,审计表也记录了登陆失败的信息:
SELECT d.username , d.timestamp , d.action_name , d.os_username , d.terminal
FROM DBA_AUDIT_TRAIL D
WHERE D.RETURNCODE = 1017
AND D.USERNAME = 'LHRSYS'
ORDER BY d.timestamp DESC ;
1.3.5 11g 密码区分大小写 --sec_case_sensitive_logon
| Property |
Description |
| Parameter type |
Boolean |
| Default value |
true |
| Modifiable |
ALTER SYSTEM |
| Range of values |
true | false |
| Basic |
No |
从 Oracle 11g 开始,密码区分大小写,采用参数 sec_case_sensitive_logon 控制,该参数默认为 TRUE 。
SEC_CASE_SENSITIVE_LOGON enables or disables password case sensitivity in the database.
Values:
true : Database logon passwords are case sensitive.
false : Database logon passwords are not case sensitive.
1.3.6 密码延迟验证
从 11g 开始,如果一个用户使用不正确的密码尝试登录数据库,那么随着登录失败次数的增加,每次登录验证前延迟等待的时间也会增加。
通过设置 EVENTS 28401 可以屏蔽密码延迟验证:
| SQL> ALTER SYSTEM SET EVENT = '28401 TRACE NAME CONTEXT FOREVER, LEVEL 1' SCOPE = SPFILE ; |
设置该事件后重启数据库即可。
| [oracle@orcltest ~]$ oerr ora 28401 28401, 00000, "Event to disable delay after three failed login attempts" // *Document: NO // *Cause: N/A // *Action: Set this event in your environment to disable the login delay // which will otherwise take place after three failed login attempts. // *Note: THIS IS NOT A USER ERROR NUMBER/MESSAGE. THIS DOES NOT NEED TO BE // TRANSLATED OR DOCUMENTED. [oracle@orcltest ~]$
|
1.3.7 哪些用户密码没有被修改过
Oracle 在 11g 中对于安全方面进行了很大的改进,比如增加了密码大小写验证,增加了密码复杂度的验证等等。在 Oracle 11g 中还提供了一个视图 DBA_USERS_WITH_DEFPWD 用来指出那些用户的密码没有被修改过,仍然是数据库默认密码。 Oracle 并不是简单的监测是否密码被修改,而是检查密码是否修改为别的值,如果新密码和旧密码保持一致,那么即使密码被修改,这个用户仍然在 DBA_USERS_WITH_DEFPWD 视图中。
SELECT * FROM DBA_USERS_WITH_DEFPWD ;
1.3.8 密码复杂性校验
脚本位置: $ORACLE_HOME/rdbms/admin/utlpwdmg.sql
| [oracle@orcltest ~]$ ll $ORACLE_HOME/rdbms/admin/utlpwdmg.sql -rw-r--r-- 1 oracle oinstall 11555 Aug 13 2006 /u02/app/oracle/product/11.2.0/dbhome_1/rdbms/admin/utlpwdmg.sql [oracle@orcltest ~]$
SYS@lhrdb> @?/rdbms/admin/utlpwdmg.sql
Function created.
Profile altered.
Function created.
SYS@lhrdb>
|
该脚本中有如下的一段:
| ALTER PROFILE DEFAULT LIMIT PASSWORD_LIFE_TIME 180 PASSWORD_GRACE_TIME 7 PASSWORD_REUSE_TIME UNLIMITED PASSWORD_REUSE_MAX UNLIMITED FAILED_LOGIN_ATTEMPTS 10 PASSWORD_LOCK_TIME 1 PASSWORD_VERIFY_FUNCTION verify_function_11G;
|
更改之后查看:
| SYS@lhrdb> SELECT * FROM Dba_Profiles d WHERE d.profile='DEFAULT';
PROFILE RESOURCE_NAME RESOURCE LIMIT ------------------------------ -------------------------------- -------- ---------------------------------------- DEFAULT COMPOSITE_LIMIT KERNEL UNLIMITED DEFAULT SESSIONS_PER_USER KERNEL UNLIMITED DEFAULT CPU_PER_SESSION KERNEL UNLIMITED DEFAULT CPU_PER_CALL KERNEL UNLIMITED DEFAULT LOGICAL_READS_PER_SESSION KERNEL UNLIMITED DEFAULT LOGICAL_READS_PER_CALL KERNEL UNLIMITED DEFAULT IDLE_TIME KERNEL UNLIMITED DEFAULT CONNECT_TIME KERNEL UNLIMITED DEFAULT PRIVATE_SGA KERNEL UNLIMITED DEFAULT FAILED_LOGIN_ATTEMPTS PASSWORD 10 DEFAULT PASSWORD_LIFE_TIME PASSWORD 180 DEFAULT PASSWORD_REUSE_TIME PASSWORD UNLIMITED DEFAULT PASSWORD_REUSE_MAX PASSWORD UNLIMITED DEFAULT PASSWORD_VERIFY_FUNCTION PASSWORD VERIFY_FUNCTION_11G DEFAULT PASSWORD_LOCK_TIME PASSWORD 1 DEFAULT PASSWORD_GRACE_TIME PASSWORD 7
16 rows selected.
SYS@lhrdb> create user lhrpwd identified by lhr; create user lhrpwd identified by lhr * ERROR at line 1: ORA-28003: password verification for the specified password failed ORA-20001: Password length less than 8
SYS@lhrdb> SYS@lhrdb> alter profile default limit PASSWORD_VERIFY_FUNCTION null; <<<<<<<<<------ 取消复杂性验证
Profile altered.
SYS@lhrdb> create user lhrpwd identified by lhr;
User created.
SYS@lhrdb> alter profile default limit PASSWORD_VERIFY_FUNCTION VERIFY_FUNCTION_11G; <<<<<<<------ 启用密码复杂性验证
Profile altered.
SYS@lhrdb>
|
1.3.9 resource_limit
官方文档资料:
To create a profile, you must have the CREATE PROFILE system privilege.
To specify resource limits for a user, you must:
?Enable resource limits dynamically with the ALTER SYSTEM statement or with the initialization parameter RESOURCE_LIMIT. This parameter does not apply to password resources. Password resources are always enabled.
?Create a profile that defines the limits using the CREATE PROFILE statement
?Assign the profile to the user using the CREATE USER or ALTER USER statement
1) 用户所有拥有的 PROFILE 中有关密码的限制永远生效,不受限制。
2 )用户所有拥有的 PROFILE 中有关资源的限制与 resource_limit 参数的设置有关,当为 TRUE 时生效,当为 FALSE 时(默认值是 FALSE )无效。
About Me
...............................................................................................................................
● 本文作者:小麦苗,只专注于数据库的技术,更注重技术的运用
● 本文在itpub(http://blog.itpub.net/26736162)、博客园(http://www.cnblogs.com/lhrbest)和个人微信公众号(xiaomaimiaolhr)上有同步更新
● 本文itpub地址:http://blog.itpub.net/26736162/viewspace-2129595/
● 本文博客园地址:http://www.cnblogs.com/lhrbest/p/6127710.html
● 本文pdf版及小麦苗云盘地址:http://blog.itpub.net/26736162/viewspace-1624453/
● 数据库笔试面试题库及解答:http://blog.itpub.net/26736162/viewspace-2134706/
● QQ群:230161599 微信群:私聊
● 联系我请加QQ好友(646634621),注明添加缘由
● 于 2016-12-01 15:00 ~ 2016-12-02 23:00 在魔都完成
● 文章内容来源于小麦苗的学习笔记,部分整理自网络,若有侵权或不当之处还请谅解
● 版权所有,欢迎分享本文,转载请保留出处
...............................................................................................................................
拿起手机使用微信客户端扫描下边的左边图片来关注小麦苗的微信公众号:xiaomaimiaolhr,扫描右边的二维码加入小麦苗的QQ群,学习最实用的数据库技术。
