ITPub博客

首页 > Linux操作系统 > Linux操作系统 > 11g登陆失败延迟

11g登陆失败延迟

原创 Linux操作系统 作者:yangzhangyue 时间:2013-09-12 10:00:18 0 删除 编辑
一个“坑爹”的新特性。
失败登陆延迟,出发点是好的,但是代价是高昂的,如果有人恶意使用同一错误密码连接数据库,每次失败登陆是延迟了,但是这些session在数据库中是存在的。数据库的session会持续增加,

延迟测试过程如下:
Normal 0 7.8 磅 0 2 false false false EN-US ZH-CN X-NONE设置EVENT="28401 TRACE NAME CONTEXT FOREVER, LEVEL 1"

 

[oracle@localhost ~]$ sqlplus "/as sysdba"

 

SQL*Plus: Release 11.2.0.3.0 Production on Thu Sep 12 09:42:00 2013

 

Copyright (c) 1982, 2011, Oracle.  All rights reserved.

 

 

Connected to:

Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production

With the Partitioning, OLAP, Data Mining and Real Application Testing options

 

09:42:00 sys@orcl> create user test identified by test;

 

User created.

 

Elapsed: 00:00:00.08

09:42:15 sys@orcl> grant connect to test;

 

Grant succeeded.

 

Elapsed: 00:00:00.02

09:42:24 sys@orcl> conn test/test1

ERROR:

ORA-01017: invalid username/password; logon denied

 

 

Warning: You are no longer connected to ORACLE.

我觉得这次可以不算,

 

09:42:35 sys@orcl> conn test/test1

ERROR:

ORA-01017: invalid username/password; logon denied

 

 

09:42:37 sys@orcl> conn test/test1

ERROR:

ORA-01017: invalid username/password; logon denied

 

 

09:42:38 sys@orcl> conn test/test1

ERROR:

ORA-01017: invalid username/password; logon denied

 

 

09:42:41 sys@orcl> conn test/test1

ERROR:

ORA-01017: invalid username/password; logon denied

 

 

09:42:45 sys@orcl> conn test/test1

ERROR:

ORA-01017: invalid username/password; logon denied

 

 

09:42:50 sys@orcl> conn test/test1

ERROR:

ORA-01017: invalid username/password; logon denied

 

 

09:42:56 sys@orcl> conn test/test1

ERROR:

ORA-01017: invalid username/password; logon denied

 

 

09:43:03 sys@orcl> conn test/test1

ERROR:

ORA-01017: invalid username/password; logon denied

 

 

09:43:11 sys@orcl> conn test/test1

ERROR:

ORA-01017: invalid username/password; logon denied

 

 

09:43:20 sys@orcl> exit

 

 

可以看出,从第四次开始,返回登陆失败错误信息的时间开始延长,因为复制粘贴大概占用1s的时间,最后一次登陆返回信心大概花了09:43:20---09:43:11

再减去1s,大概8s左右

 

下面再看看设置EVENT="28401 TRACE NAME CONTEXT FOREVER, LEVEL 1"的情况

09:44:41 sys@orcl> show parameter pfile

 

NAME                                 TYPE                              VALUE

------------------------------------ --------------------------------- ------------------------------

spfile                               string                            /opt/u01/app/oracle/product/11

                                                                       .2.0.3/db/dbs/spfileorcl.ora

09:44:46 sys@orcl> create pfile from spfile;

 

File created.

 

Elapsed: 00:00:00.06

09:45:06 sys@orcl> alter system set EVENT="28401 TRACE NAME CONTEXT FOREVER, LEVEL 1" scope=spfile;

 

System altered.

 

Elapsed: 00:00:00.11

09:45:25 sys@orcl> shutdown immediate

 

Elapsed: 00:00:00.11

09:45:25 sys@orcl> shutdown immediate

Database closed.

Database dismounted.

ORACLE instance shut down.

09:45:42 sys@orcl> startup

ORACLE instance started.

 

Total System Global Area 1603411968 bytes

Fixed Size                  2228784 bytes

Variable Size            1073745360 bytes

Database Buffers          520093696 bytes

Redo Buffers                7344128 bytes

Database mounted.

Database opened.

 

09:46:07 sys@orcl> show parameter event

 

NAME                                 TYPE                              VALUE

------------------------------------ --------------------------------- ------------------------------

event                                string                            28401 TRACE NAME CONTEXT FOREV

                                                                       ER, LEVEL 1

xml_db_events                        string                            enable

09:46:14 sys@orcl> conn test/test1

ERROR:

ORA-28000: the account is locked

[oracle@localhost ~]$ sqlplus "/as sysdba"

 

SQL*Plus: Release 11.2.0.3.0 Production on Thu Sep 12 09:53:03 2013

 

Copyright (c) 1982, 2011, Oracle.  All rights reserved.

 

 

Connected to:

Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production

With the Partitioning, OLAP, Data Mining and Real Application Testing options

 

09:53:03 sys@orcl> alter user TEST  account unlock;

 

User altered.

 

Elapsed: 00:00:00.03

09:53:05 sys@orcl> alter profile DEFAULT limit  failed_login_attempts unlimited;

 

Profile altered.

 

Elapsed: 00:00:00.03

09:53:24 sys@orcl> conn test/test1

ERROR:

ORA-01017: invalid username/password; logon denied

 

 

Warning: You are no longer connected to ORACLE.

同样本次可以不算

09:53:39 sys@orcl> conn test/test1

ERROR:

ORA-01017: invalid username/password; logon denied

 

 

09:53:40 sys@orcl> conn test/test1

ERROR:

ORA-01017: invalid username/password; logon denied

 

 

09:53:42 sys@orcl> conn test/test1

ERROR:

ORA-01017: invalid username/password; logon denied

 

 

09:53:44 sys@orcl> conn test/test1

ERROR:

ORA-01017: invalid username/password; logon denied

 

 

09:53:45 sys@orcl> conn test/test1

ERROR:

ORA-01017: invalid username/password; logon denied

 

 

09:53:47 sys@orcl> conn test/test1

ERROR:

ORA-01017: invalid username/password; logon denied

 

 

09:53:48 sys@orcl> conn test/test1

ERROR:

ORA-01017: invalid username/password; logon denied

 

 

09:53:49 sys@orcl> conn test/test1

ERROR:

ORA-01017: invalid username/password; logon denied

 

 

09:53:51 sys@orcl> conn test/test1

ERROR:

ORA-01017: invalid username/password; logon denied

 

 

09:53:52 sys@orcl>

 

从测试可以看出设置EVENT="28401 TRACE NAME CONTEXT FOREVER, LEVEL 1"后,登陆失败将不再延迟。

How to Find which Session is Holding a Particular Library Cache Lock (Doc ID 122793.1)这个也是mas上面的一篇文档,大家有兴趣可以看看


来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/29033984/viewspace-772600/,如需转载,请注明出处,否则将追究法律责任。

请登录后发表评论 登录
全部评论

注册时间:2013-07-09

  • 博文量
    36
  • 访问量
    219746