失败登陆延迟,出发点是好的,但是代价是高昂的,如果有人恶意使用同一错误密码连接数据库,每次失败登陆是延迟了,但是这些session在数据库中是存在的。数据库的session会持续增加,
延迟测试过程如下:
Normal 0 7.8 磅 0 2 false false false EN-US ZH-CN X-NONE设置EVENT="28401 TRACE NAME CONTEXT FOREVER, LEVEL 1"前
[oracle@localhost ~]$ sqlplus "/as sysdba"
SQL*Plus: Release 11.2.0.3.0 Production on Thu Sep 12 09:42:00 2013
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
09:42:00 sys@orcl> create user test identified by test;
User created.
Elapsed: 00:00:00.08
09:42:15 sys@orcl> grant connect to test;
Grant succeeded.
Elapsed: 00:00:00.02
09:42:24 sys@orcl> conn test/test1
ERROR:
ORA-01017: invalid username/password; logon denied
Warning: You are no longer connected to ORACLE.
我觉得这次可以不算,
09:42:35 sys@orcl> conn test/test1
ERROR:
ORA-01017: invalid username/password; logon denied
09:42:37 sys@orcl> conn test/test1
ERROR:
ORA-01017: invalid username/password; logon denied
09:42:38 sys@orcl> conn test/test1
ERROR:
ORA-01017: invalid username/password; logon denied
09:42:41 sys@orcl> conn test/test1
ERROR:
ORA-01017: invalid username/password; logon denied
09:42:45 sys@orcl> conn test/test1
ERROR:
ORA-01017: invalid username/password; logon denied
09:42:50 sys@orcl> conn test/test1
ERROR:
ORA-01017: invalid username/password; logon denied
09:42:56 sys@orcl> conn test/test1
ERROR:
ORA-01017: invalid username/password; logon denied
09:43:03 sys@orcl> conn test/test1
ERROR:
ORA-01017: invalid username/password; logon denied
09:43:11 sys@orcl> conn test/test1
ERROR:
ORA-01017: invalid username/password; logon denied
09:43:20 sys@orcl> exit
可以看出,从第四次开始,返回登陆失败错误信息的时间开始延长,因为复制粘贴大概占用1s的时间,最后一次登陆返回信心大概花了09:43:20---09:43:11
再减去1s,大概8s左右
下面再看看设置EVENT="28401 TRACE NAME CONTEXT FOREVER, LEVEL 1"的情况
09:44:41 sys@orcl> show parameter pfile
NAME TYPE VALUE
------------------------------------ --------------------------------- ------------------------------
spfile string /opt/u01/app/oracle/product/11
.2.0.3/db/dbs/spfileorcl.ora
09:44:46 sys@orcl> create pfile from spfile;
File created.
Elapsed: 00:00:00.06
09:45:06 sys@orcl> alter system set EVENT="28401 TRACE NAME CONTEXT FOREVER, LEVEL 1" scope=spfile;
System altered.
Elapsed: 00:00:00.11
09:45:25 sys@orcl> shutdown immediate
Elapsed: 00:00:00.11
09:45:25 sys@orcl> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
09:45:42 sys@orcl> startup
ORACLE instance started.
Total System Global Area 1603411968 bytes
Fixed Size 2228784 bytes
Variable Size 1073745360 bytes
Database Buffers 520093696 bytes
Redo Buffers 7344128 bytes
Database mounted.
Database opened.
09:46:07 sys@orcl> show parameter event
NAME TYPE VALUE
------------------------------------ --------------------------------- ------------------------------
event string 28401 TRACE NAME CONTEXT FOREV
ER, LEVEL 1
xml_db_events string enable
09:46:14 sys@orcl> conn test/test1
ERROR:
ORA-28000: the account is locked
[oracle@localhost ~]$ sqlplus "/as sysdba"
SQL*Plus: Release 11.2.0.3.0 Production on Thu Sep 12 09:53:03 2013
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
09:53:03 sys@orcl> alter user TEST account unlock;
User altered.
Elapsed: 00:00:00.03
09:53:05 sys@orcl> alter profile DEFAULT limit failed_login_attempts unlimited;
Profile altered.
Elapsed: 00:00:00.03
09:53:24 sys@orcl> conn test/test1
ERROR:
ORA-01017: invalid username/password; logon denied
Warning: You are no longer connected to ORACLE.
同样本次可以不算
09:53:39 sys@orcl> conn test/test1
ERROR:
ORA-01017: invalid username/password; logon denied
09:53:40 sys@orcl> conn test/test1
ERROR:
ORA-01017: invalid username/password; logon denied
09:53:42 sys@orcl> conn test/test1
ERROR:
ORA-01017: invalid username/password; logon denied
09:53:44 sys@orcl> conn test/test1
ERROR:
ORA-01017: invalid username/password; logon denied
09:53:45 sys@orcl> conn test/test1
ERROR:
ORA-01017: invalid username/password; logon denied
09:53:47 sys@orcl> conn test/test1
ERROR:
ORA-01017: invalid username/password; logon denied
09:53:48 sys@orcl> conn test/test1
ERROR:
ORA-01017: invalid username/password; logon denied
09:53:49 sys@orcl> conn test/test1
ERROR:
ORA-01017: invalid username/password; logon denied
09:53:51 sys@orcl> conn test/test1
ERROR:
ORA-01017: invalid username/password; logon denied
09:53:52 sys@orcl>
从测试可以看出设置EVENT="28401 TRACE NAME CONTEXT FOREVER, LEVEL 1"后,登陆失败将不再延迟。
How to Find which Session is Holding a Particular Library Cache Lock (Doc ID 122793.1)这个也是mas上面的一篇文档,大家有兴趣可以看看