1.DB
auditing
alter system set audit_trail=os
scope=spfile
AUDIT SELECT, INSERT, DELETE , UPDATE ON user.emp BY audit_test BY
ACCESS;
--turn off all auditing
options
NOAUDIT ALL ON
DEFAULT;
2.User profile
CREATE PROFILE my_profile
LIMIT
FAILED_LOGIN_ATTEMPTS 3 -- Account locked
after 3 failed logins.
PASSWORD_LOCK_TIME 5 -- Number of days
account is locked for. UNLIMITED required explicit unlock by
DBA.
PASSWORD_LIFE_TIME 30 -- Password
expires after 90 days.
PASSWORD_GRACE_TIME 3 -- Grace period
for password expiration. 允許緩衝時間
PASSWORD_REUSE_TIME 120 -- Number of days
until a specific password can be reused. UNLIMITED means never.
過幾天後可用同密碼
PASSWORD_REUSE_MAX 10 -- The number of
changes required before a password can be reused. UNLIMITED means never.
留幾代
PASSWORD_VERIFY_FUNCTION
my_verify_function
/
另外要手動建立一個verify function for Oracle 10g
另外要手動建立一個verify function for Oracle 10g
CREATE OR REPLACE FUNCTION
my_varification_function (
username
VARCHAR2,
password
VARCHAR2,
old_password
VARCHAR2)
RETURN BOOLEAN
AS
BEGIN
IF LENGTH(password) < 8
THEN
RETURN
FALSE;
ELSE
RETURN TRUE;
END IF;
END
my_varification_function;
/
oracle 11g 中,增加新函數verify_function_11g
。這一函數可以對密碼長度是否同時出現了字母數位記號進行檢查,檢查是否與用戶名同名,也檢查密碼是否是幾個最常用的辭彙,如welcome、database1、account1等。最後,密碼修改時檢查新舊密碼是否過於相似。
@$ORACLE_HOME/RDBMS/ADMIN/utlpwdmg.sql
ALTER PROFILE my_profile
PASSWORD_VERIFY_FUNCTION verify_function_11G ;
--2018/3/23
於Oracle 12c R2, VERIFY_FUNCTION、VERIFY_FUNCTION_11g password functions 已經被廢棄,請改用
ORA12C_VERIFY_FUNCTION、ORA12C_STRONG_VERIFY_FUNCTION.
--2018/3/23
於Oracle 12c R2, VERIFY_FUNCTION、VERIFY_FUNCTION_11g password functions 已經被廢棄,請改用
ORA12C_VERIFY_FUNCTION、ORA12C_STRONG_VERIFY_FUNCTION.
沒有留言:
張貼留言