联系:手机/微信(+86 17813235971) QQ(107644445)
标题:11g 使用 alter user identified by values password 恢复历史密码
作者:惜分飞©版权所有[未经本人同意,不得以任何形式转载,否则有进一步追究法律责任的权利.]
在11.1之前的版本,很多人可能都知道,可以通过alter user identified by values password 来还原oracle 数据库历史密码,但是在11g中出现几个问题:
1. dba_users中无password记录(值为空),这个问题可以通过直接查询user$.password依然有记录
SQL> select password from dba_users where username='SYS'; PASSWORD ------------------------------ SQL> select password from user$ WHERE name='SYS'; PASSWORD ------------------------------ 8A8F025737A9097A
2.在11.1开始user$中的SPARE4有值,从而使得数据库密码区分大小写,参考blog:关于ORACLE 11G密码大小写敏感猜想(USER$.SPARE4)
SQL> select SPARE4 from user$ WHERE name='SYS'; SPARE4 -------------------------------------------------------------------------------- S:C7C81BBE7760B5BBB3973F0971AA36C737BF6DCC4A34FE925CE70B0739BD
现在就存在疑问,在11G版本中,如何来还原Oracle数据库用户历史密码呢?,这里通过试验的方式证明,alter user identified by values后面值可以是user$.password 也可以是user$.SPARE4,只是两者在密码大小写上有区别,具体试验如下:
创建测试用户xifenfei
[oracle@localhost ~]$ ss SQL*Plus: Release 11.2.0.4.0 Production on Fri Apr 10 16:00:03 2015 Copyright (c) 1982, 2013, Oracle. All rights reserved. Connected to: Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production With the Partitioning, OLAP, Data Mining and Real Application Testing options SQL> select * from v$version; BANNER -------------------------------------------------------------------------------- Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production PL/SQL Release 11.2.0.4.0 - Production CORE 11.2.0.4.0 Production TNS for Linux: Version 11.2.0.4.0 - Production NLSRTL Version 11.2.0.4.0 - Production SQL> select sysdate "www.xifenfei.com" from dual; www.xifen --------- 10-APR-15 SQL> create user xifenfei identified by oracle; User created. SQL> grant create session to xifenfei; Grant succeeded. SQL> conn xifenfei/oracle Connected. SQL> conn xifenfei/ORACLE ERROR: ORA-01017: invalid username/password; logon denied Warning: You are no longer connected to ORACLE. SQL> conn / as sysdba Connected. SQL> show parameter sec_case_sensitive_logon ; NAME TYPE VALUE ------------------------------------ ----------- ------------------------------ sec_case_sensitive_logon boolean TRUE
这里由于sec_case_sensitive_logon参数默认为true,因此密码区分大小写
修改数据库密码
SQL> select spare4,password from user$ where name='XIFENFEI'; SPARE4 -------------------------------------------------------------------------------- PASSWORD ------------------------------ S:6E34E993900317BBFD6289E4AE619D634AA6AD804C765A3DEE1CCABCC50D 1BA871FA3B1C3F45 SQL> alter user xifenfei identified by xifenfei; User altered. SQL> select spare4,password from user$ where name='XIFENFEI'; SPARE4 -------------------------------------------------------------------------------- PASSWORD ------------------------------ S:A75A184EA2767488E698C443E97CB2473B46A9C80C2C61833BA867CB8B17 1682CAA2339F770F SQL> conn xifenfei/xifenfei Connected. SQL> conn xifenfei/XIFENFEI ERROR: ORA-01017: invalid username/password; logon denied Warning: You are no longer connected to ORACLE. SQL> conn xifenfei/oracle ERROR: ORA-01017: invalid username/password; logon denied
这里把xifenfei用户的密码从oracle修改为xifenfei
尝试values user$.password恢复以前密码
SQL> conn / as sysdba Connected. SQL> alter user xifenfei identified by values '1BA871FA3B1C3F45'; User altered. SQL> select spare4,password from user$ where name='XIFENFEI'; SPARE4 -------------------------------------------------------------------------------- PASSWORD ------------------------------ 1BA871FA3B1C3F45 SQL> conn xifenfei/oracle Connected. SQL> conn xifenfei/ORACLE Connected. SQL> conn xifenfei/xifenfei ERROR: ORA-01017: invalid username/password; logon denied Warning: You are no longer connected to ORACLE.
通过该方式还原上次密码后,发现user$.SPARE4为空,也就使得Oracle不再区分密码大小写.
尝试values user$.spare4恢复以前密码
SQL> conn / as sysdba Connected. SQL> alter user xifenfei identified by xifenfei; User altered. SQL> select spare4,password from user$ where name='XIFENFEI'; SPARE4 -------------------------------------------------------------------------------- PASSWORD ------------------------------ S:48A11864AD633E904126C20E8C374A4AA45D87BB005D35AD2B10766E8E11 1682CAA2339F770F SQL> conn xifenfei/xifenfei Connected. SQL> conn xifenfei/oracle ERROR: ORA-01017: invalid username/password; logon denied Warning: You are no longer connected to ORACLE. SQL> conn xifenfei/XIFENFEI ERROR: ORA-01017: invalid username/password; logon denied SQL> alter user xifenfei identified by values '6E34E993900317BBFD6289E4AE619D634AA6AD804C765A3DEE1CCABCC50D'; SP2-0640: Not connected SQL> conn / as sysdba Connected. SQL> alter user xifenfei identified by values '6E34E993900317BBFD6289E4AE619D634AA6AD804C765A3DEE1CCABCC50D'; alter user xifenfei identified by values '6E34E993900317BBFD6289E4AE619D634AA6AD804C765A3DEE1CCABCC50D' * ERROR at line 1: ORA-00600: internal error code, arguments: [kzsviver:2], [], [], [], [], [], [], [], [], [], [], [] --少写了S:,直接报ORA-600错误,怀疑S:是spare4列的某种标识 SQL> SQL> SQL> SQL> alter user xifenfei identified by values 'S:6E34E993900317BBFD6289E4AE619D634AA6AD804C765A3DEE1CCABCC50D'; User altered. SQL> select spare4,password from user$ where name='XIFENFEI'; SPARE4 -------------------------------------------------------------------------------- PASSWORD ------------------------------ S:6E34E993900317BBFD6289E4AE619D634AA6AD804C765A3DEE1CCABCC50D SQL> conn xifenfei/oracle Connected. SQL> conn xifenfei/ORACLE ERROR: ORA-01017: invalid username/password; logon denied Warning: You are no longer connected to ORACLE. SQL> conn xifenfei/xifenfei ERROR: ORA-01017: invalid username/password; logon denied
这里发现通过values user$.spare4恢复以前密码后,user$.password列为空,但是密码依旧区分大小写。这里可以看出来,user$.password项以后可能取消掉,为了兼容性,因此Oracle在后续版本中依旧保留.
关于oracle 11G中恢复以前密码操作总结
1. 通过values user$.password恢复以前密码后,不区分大小写
2. 通过values user$.spare4恢复以前密码后,区分大小写
3. 目前两种方式都可以实现11g恢复以前密码,但是推荐使用user$.spare4值修改