11g 使用 alter user identified by values password 恢复历史密码

联系:手机/微信(+86 17813235971) QQ(107644445)QQ咨询惜分飞

标题:11g 使用 alter user identified by values password 恢复历史密码

作者:惜分飞©版权所有[未经本人同意,不得以任何形式转载,否则有进一步追究法律责任的权利.]

在11.1之前的版本,很多人可能都知道,可以通过alter user identified by values password 来还原oracle 数据库历史密码,但是在11g中出现几个问题:
1. dba_users中无password记录(值为空),这个问题可以通过直接查询user$.password依然有记录

SQL> select password from dba_users where username='SYS';

PASSWORD
------------------------------


SQL> select password from user$ WHERE name='SYS';

PASSWORD
------------------------------
8A8F025737A9097A

2.在11.1开始user$中的SPARE4有值,从而使得数据库密码区分大小写,参考blog:关于ORACLE 11G密码大小写敏感猜想(USER$.SPARE4)

SQL>  select SPARE4  from user$ WHERE name='SYS';

SPARE4
--------------------------------------------------------------------------------
S:C7C81BBE7760B5BBB3973F0971AA36C737BF6DCC4A34FE925CE70B0739BD

现在就存在疑问,在11G版本中,如何来还原Oracle数据库用户历史密码呢?,这里通过试验的方式证明,alter user identified by values后面值可以是user$.password 也可以是user$.SPARE4,只是两者在密码大小写上有区别,具体试验如下:

创建测试用户xifenfei

[oracle@localhost ~]$ ss

SQL*Plus: Release 11.2.0.4.0 Production on Fri Apr 10 16:00:03 2015

Copyright (c) 1982, 2013, Oracle.  All rights reserved.


Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL> select * from v$version;

BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
PL/SQL Release 11.2.0.4.0 - Production
CORE    11.2.0.4.0      Production
TNS for Linux: Version 11.2.0.4.0 - Production
NLSRTL Version 11.2.0.4.0 - Production

SQL> select sysdate "www.xifenfei.com" from dual;

www.xifen
---------
10-APR-15

SQL> create user xifenfei identified by oracle;

User created.

SQL> grant create session to xifenfei;

Grant succeeded.

SQL> conn xifenfei/oracle
Connected.
SQL> conn xifenfei/ORACLE
ERROR:
ORA-01017: invalid username/password; logon denied


Warning: You are no longer connected to ORACLE.
SQL> conn / as sysdba
Connected.
SQL> show parameter sec_case_sensitive_logon ;

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
sec_case_sensitive_logon             boolean     TRUE

这里由于sec_case_sensitive_logon参数默认为true,因此密码区分大小写

修改数据库密码

SQL> select spare4,password from user$ where name='XIFENFEI';

SPARE4
--------------------------------------------------------------------------------
PASSWORD
------------------------------
S:6E34E993900317BBFD6289E4AE619D634AA6AD804C765A3DEE1CCABCC50D
1BA871FA3B1C3F45


SQL> alter user xifenfei identified by xifenfei;

User altered.

SQL> select spare4,password from user$ where name='XIFENFEI';

SPARE4
--------------------------------------------------------------------------------
PASSWORD
------------------------------
S:A75A184EA2767488E698C443E97CB2473B46A9C80C2C61833BA867CB8B17
1682CAA2339F770F


SQL> conn xifenfei/xifenfei
Connected.
SQL> conn xifenfei/XIFENFEI
ERROR:
ORA-01017: invalid username/password; logon denied


Warning: You are no longer connected to ORACLE.
SQL> conn xifenfei/oracle
ERROR:
ORA-01017: invalid username/password; logon denied

这里把xifenfei用户的密码从oracle修改为xifenfei

尝试values user$.password恢复以前密码

SQL> conn / as sysdba
Connected.
SQL> alter user xifenfei identified by values '1BA871FA3B1C3F45';

User altered.

SQL> select spare4,password from user$ where name='XIFENFEI';

SPARE4
--------------------------------------------------------------------------------
PASSWORD
------------------------------

1BA871FA3B1C3F45


SQL> conn xifenfei/oracle
Connected.
SQL> conn xifenfei/ORACLE
Connected.
SQL> conn xifenfei/xifenfei
ERROR:
ORA-01017: invalid username/password; logon denied


Warning: You are no longer connected to ORACLE.

通过该方式还原上次密码后,发现user$.SPARE4为空,也就使得Oracle不再区分密码大小写.

尝试values user$.spare4恢复以前密码

SQL> conn / as sysdba
Connected.
SQL> alter user xifenfei identified by xifenfei;

User altered.

SQL> select spare4,password from user$ where name='XIFENFEI';

SPARE4
--------------------------------------------------------------------------------
PASSWORD
------------------------------
S:48A11864AD633E904126C20E8C374A4AA45D87BB005D35AD2B10766E8E11
1682CAA2339F770F


SQL> conn xifenfei/xifenfei
Connected.
SQL> conn xifenfei/oracle
ERROR:
ORA-01017: invalid username/password; logon denied


Warning: You are no longer connected to ORACLE.
SQL> conn xifenfei/XIFENFEI
ERROR:
ORA-01017: invalid username/password; logon denied


SQL> alter user xifenfei identified by values '6E34E993900317BBFD6289E4AE619D634AA6AD804C765A3DEE1CCABCC50D';
SP2-0640: Not connected
SQL> conn / as sysdba
Connected.
SQL> alter user xifenfei identified by values '6E34E993900317BBFD6289E4AE619D634AA6AD804C765A3DEE1CCABCC50D';
alter user xifenfei identified by values '6E34E993900317BBFD6289E4AE619D634AA6AD804C765A3DEE1CCABCC50D'
*
ERROR at line 1:
ORA-00600: internal error code, arguments: [kzsviver:2], [], [], [], [], [],
[], [], [], [], [], []
--少写了S:,直接报ORA-600错误,怀疑S:是spare4列的某种标识

SQL> 
SQL> 
SQL> 
SQL> alter user xifenfei identified by values 'S:6E34E993900317BBFD6289E4AE619D634AA6AD804C765A3DEE1CCABCC50D';

User altered.

SQL> select spare4,password from user$ where name='XIFENFEI';

SPARE4
--------------------------------------------------------------------------------
PASSWORD
------------------------------
S:6E34E993900317BBFD6289E4AE619D634AA6AD804C765A3DEE1CCABCC50D

SQL> conn xifenfei/oracle
Connected.
SQL> conn xifenfei/ORACLE
ERROR:
ORA-01017: invalid username/password; logon denied


Warning: You are no longer connected to ORACLE.
SQL> conn xifenfei/xifenfei
ERROR:
ORA-01017: invalid username/password; logon denied

这里发现通过values user$.spare4恢复以前密码后,user$.password列为空,但是密码依旧区分大小写。这里可以看出来,user$.password项以后可能取消掉,为了兼容性,因此Oracle在后续版本中依旧保留.

关于oracle 11G中恢复以前密码操作总结
1. 通过values user$.password恢复以前密码后,不区分大小写
2. 通过values user$.spare4恢复以前密码后,区分大小写
3. 目前两种方式都可以实现11g恢复以前密码,但是推荐使用user$.spare4值修改

此条目发表在 Oracle 分类目录,贴了 , , , , 标签。将固定链接加入收藏夹。

评论功能已关闭。