当生产环境 Oracle 密码快过期时，如果修改密码，应用程序也得相应停服务去修改密码，所有连接数据库的工具的密码也都得更新一遍，这时候就可以用以下方法了。其思路是用原有的密码哈希重新设置密码：密码本身不变，只刷新过期时间，因此应用程序和工具无需改动；代价是密码实际上并没有轮换。
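-- Refresh the password expiry of unlocked Oracle accounts without changing
-- the passwords: each account's stored hash is re-applied with
-- "alter user ... identified by values", so applications and tools keep
-- working with their current credentials.
--
-- NOTE(review): this resets the expiry clock but rotates no secret; a
-- password that was already exposed stays valid afterwards. Record the
-- change and schedule a real rotation for the affected accounts.
-- NOTE(review): steps 1 and 3 print password hashes. Run them from a trusted
-- session and protect any spool file or terminal log that captures them.

-- 1. List accounts that are not locked (expiry date, profile, hash) and the
--    current password-reuse limits. Keep this output: it is the baseline for
--    steps 4 and 5.
-- NOTE(review): on 11g and later DBA_USERS.PASSWORD is expected to be empty;
-- the hash used in step 3 comes from SYS.USER$ - confirm on your version.
select username, profile, account_status, expiry_date, password
from dba_users
where account_status not like '%LOCK%';

select name, password
from sys.user$
where name in (
    select username
    from dba_users
    where account_status = 'OPEN'
);

select *
from dba_profiles
where resource_name in ('PASSWORD_REUSE_TIME', 'PASSWORD_REUSE_MAX');

-- 2. Roll back the hardening: lift the reuse limits so that the same
--    password can be set again in step 3.
-- Reuse checks are disabled until step 4 completes, so run steps 2-4 in one
-- session without pausing.
-- NOTE(review): only DEFAULT and MONITORING_PROFILE are handled; accounts
-- listed in step 1 under another profile with reuse limits would presumably
-- need the same treatment - verify against the step 1 output.
alter profile default limit password_reuse_max unlimited;
alter profile default limit password_reuse_time unlimited;
alter profile monitoring_profile limit password_reuse_max unlimited;
alter profile monitoring_profile limit password_reuse_time unlimited;

-- 3. Generate one ALTER USER statement per unlocked account that re-applies
--    its stored hash, then execute the generated statements.
-- The user name is double-quoted so case-sensitive names still resolve.
-- Rows without a stored hash are skipped because they would only produce a
-- statement with an empty value.
-- NOTE(review): USER$.PASSWORD holds only the legacy verifier. On versions
-- that keep newer verifiers in USER$.SPARE4, re-applying this value alone may
-- drop them - check your version and logon-version settings first.
-- NOTE(review): review the generated list before running it; it covers every
-- unlocked account, including expired ones and administrative accounts.
select 'alter user "' || name || '" identified by values ''' || password || ''';'
from sys.user$
where password is not null
  and name in (
      select username
      from dba_users
      where account_status not like '%LOCK%'
  );

-- 4. Re-apply the hardening: a password may be reused only after 5 password
--    changes and 1800 days.
-- NOTE(review): 5 / 1800 are hard-coded; confirm they match the limits
-- recorded in step 1 so the profiles do not end up weaker than before.
alter profile default limit password_reuse_max 5;
alter profile default limit password_reuse_time 1800;
alter profile monitoring_profile limit password_reuse_max 5;
alter profile monitoring_profile limit password_reuse_time 1800;

-- 5. Verify the new expiry dates and that the profile limits are back in
--    place.
select username, profile, account_status, expiry_date, password
from dba_users
where account_status not like '%LOCK%';

select *
from dba_profiles
where profile = 'DEFAULT';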