Overview of Oracle Authentication Methods

Overview of Oracle Authentication Methods authentication is to identify users who need to use data, resources or applications. After passing the authentication, it can provide a reliable connection relationship for the database operations following the user. Oracle provides a variety of identity authentication methods, including operating system identity authentication, network identity authentication, Oracle Database identity authentication, multi-layer identity authentication and administrator identity authentication. 1) Operating System Identity Authentication for some operating systems www.2cto.com, for example, WINDOWS allows databases to use their authentication information. Once authenticated by the operating system, you can easily connect to Oracle without entering the user name and password. For example, users who pass operating system authentication can start SQLPLUS with the following command without entering the password: SQLPLUS/2) network Identity Authentication network identity authentication is handled by a third-party SSL protocol. SSL is a secure socket layer ). 3) Oracle Database Identity Authentication Oracle can use the information stored in the database to authenticate the users connected to the database. When logging on to the Oracle database, you must enter the username and password of Oracle to log on to the Oracle database. A. Password Encryption in the connection. During network connection, passwords are automatically and transparently encrypted. Oracle's encryption algorithm is the improved 3DES and DES algorithms, and the encryption process is completed before data transmission. Www.2cto.com B. The account is locked. Oracle can set that after n consecutive logon failures, Oracle will lock the user account. You can configure the system to automatically unlock the locked user after a period of time, or require the DBA to manually unlock the user. DBAs can manually lock accounts. These accounts cannot be automatically unlocked and can only be manually unlocked by DBAs. C. Password lifecycle. DBA can specify the password life cycle, and the password must be modified before logon. There will also be a transitional period after the password expires. During this period, the user will receive a Change Notification every time he logs on. If the password has not been changed after the transition period, the account will be locked. It can only be used after being unlocked by the Administrator. D. Check the historical password. If the check history password option is set, the database detects each new password and ensures that the password cannot be reused within the specified time or number of password changes. E. Verify the complexity of the password. Verify that the Password meets the requirements of a complex password and is not illegally intruded into the system by others by means of a guess. The criteria for a complex password are as follows: the password for www.2cto.com must contain at least four characters. The user name must contain at least one letter, a number, and a punctuation character. do not contain the specified word, for example, welcome, account, database, user, etc. 4) DBA authenticates the DBA with high-level management permissions and can perform some special operations, such as shutting down and enabling the database. These operations are not allowed by common users. If you close the database at will, other users will not be able to use the database normally. Therefore, Oracle database provides DBA with a secure authentication method. You can select the operating system authentication or password authentication method. If you use the operating system authentication method, you usually need to create a user group in the operating system, and grant the DBA permission to the reorganization, and then add the DBA user to the group. Oracle provides two special user groups: OSDBA and OSPER. In WINDOWS, the user group corresponding to OSDBA is ORA_DBA, and the user group corresponding to OSOPER is ORA_OPER. If the user group belongs to the OSDBA group and connects to the database as SYSDBA, the user in this group has SYSDBA system permissions. If the user does not belong to these two groups, he tries to use SYSDBA or SYSOPER to connect to the database, the database connection fails. In SQLPLUS, if you use the operating system authentication method to log on, you can use the following command: CONNECT/as sysdbaconnect/as sysoper oracle Database logon identity: SYSDBA: Database Administrator identity, has the privileges of all Oracle behaviors, such as creating, modifying, and deleting databases, starting and disabling databases, backing up and recovering data, archiving logs, and session restrictions. SYSOPER: a database operator with the same permissions as SYSDBA, but cannot create or delete databases. NORMAL: NORMAL user identity. NORMAL users can use NORMAL identity to connect to SQLPLUS to access the database.