在11.1之前的版本,很多人可能都知道,可以通過alter user identified by values password 來還原oracle 資料庫曆史密碼,但是在11g中出現幾個問題:
1. dba_users中無password記錄(值為空白),這個問題可以通過直接查詢user$.password依然有記錄
SQL> select password from dba_users where username='SYS';
PASSWORD
------------------------------
SQL> select password from user$ WHERE name='SYS';
PASSWORD
------------------------------
8A8F025737A9097A
2.在11.1開始user$中的SPARE4有值,從而使得資料庫密碼區分大小寫,參考blog:關於ORACLE 11G密碼大小寫敏感猜想(USER$.SPARE4)
SQL> select SPARE4 from user$ WHERE name='SYS';
SPARE4
--------------------------------------------------------------------------------
S:C7C81BBE7760B5BBB3973F0971AA36C737BF6DCC4A34FE925CE70B0739BD
現在就存在疑問,在11G版本中,如何來還原Oracle資料庫使用者曆史密碼呢?,這裡通過實驗的方式證明,alter user identified by values後面值可以是user$.password 也可以是user$.SPARE4,只是兩者在密碼大小寫上有區別,具體實驗如下:
建立測試使用者xifenfei
[oracle@localhost ~]$ ss
SQL*Plus: Release 11.2.0.4.0 Production on Fri Apr 10 16:00:03 2015
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> select * from v$version;
BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
PL/SQL Release 11.2.0.4.0 - Production
CORE 11.2.0.4.0 Production
TNS for Linux: Version 11.2.0.4.0 - Production
NLSRTL Version 11.2.0.4.0 - Production
SQL> select sysdate "www.xifenfei.com" from dual;
www.xifen
---------
10-APR-15
SQL> create user xifenfei identified by oracle;
User created.
SQL> grant create session to xifenfei;
Grant succeeded.
SQL> conn xifenfei/oracle
Connected.
SQL> conn xifenfei/ORACLE
ERROR:
ORA-01017: invalid username/password; logon denied
Warning: You are no longer connected to ORACLE.
SQL> conn / as sysdba
Connected.
SQL> show parameter sec_case_sensitive_logon ;
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
sec_case_sensitive_logon boolean TRUE
這裡由於sec_case_sensitive_logon參數預設為true,因此密碼區分大小寫
修改資料庫密碼
SQL> select spare4,password from user$ where name='XIFENFEI';
SPARE4
--------------------------------------------------------------------------------
PASSWORD
------------------------------
S:6E34E993900317BBFD6289E4AE619D634AA6AD804C765A3DEE1CCABCC50D
1BA871FA3B1C3F45
SQL> alter user xifenfei identified by xifenfei;
User altered.
SQL> select spare4,password from user$ where name='XIFENFEI';
SPARE4
--------------------------------------------------------------------------------
PASSWORD
------------------------------
S:A75A184EA2767488E698C443E97CB2473B46A9C80C2C61833BA867CB8B17
1682CAA2339F770F
SQL> conn xifenfei/xifenfei
Connected.
SQL> conn xifenfei/XIFENFEI
ERROR:
ORA-01017: invalid username/password; logon denied
Warning: You are no longer connected to ORACLE.
SQL> conn xifenfei/oracle
ERROR:
ORA-01017: invalid username/password; logon denied
這裡把xifenfei使用者的密碼從oracle修改為xifenfei
嘗試values user$.password恢複以前密碼
SQL> conn / as sysdba
Connected.
SQL> alter user xifenfei identified by values '1BA871FA3B1C3F45';
User altered.
SQL> select spare4,password from user$ where name='XIFENFEI';
SPARE4
--------------------------------------------------------------------------------
PASSWORD
------------------------------
1BA871FA3B1C3F45
SQL> conn xifenfei/oracle
Connected.
SQL> conn xifenfei/ORACLE
Connected.
SQL> conn xifenfei/xifenfei
ERROR:
ORA-01017: invalid username/password; logon denied
Warning: You are no longer connected to ORACLE.
通過該方式還原上次密碼後,發現user$.SPARE4為空白,也就使得Oracle不再區分密碼大小寫.
嘗試values user$.spare4恢複以前密碼
SQL> conn / as sysdba
Connected.
SQL> alter user xifenfei identified by xifenfei;
User altered.
SQL> select spare4,password from user$ where name='XIFENFEI';
SPARE4
--------------------------------------------------------------------------------
PASSWORD
------------------------------
S:48A11864AD633E904126C20E8C374A4AA45D87BB005D35AD2B10766E8E11
1682CAA2339F770F
SQL> conn xifenfei/xifenfei
Connected.
SQL> conn xifenfei/oracle
ERROR:
ORA-01017: invalid username/password; logon denied
Warning: You are no longer connected to ORACLE.
SQL> conn xifenfei/XIFENFEI
ERROR:
ORA-01017: invalid username/password; logon denied
SQL> alter user xifenfei identified by values '6E34E993900317BBFD6289E4AE619D634AA6AD804C765A3DEE1CCABCC50D';
SP2-0640: Not connected
SQL> conn / as sysdba
Connected.
SQL> alter user xifenfei identified by values '6E34E993900317BBFD6289E4AE619D634AA6AD804C765A3DEE1CCABCC50D';
alter user xifenfei identified by values '6E34E993900317BBFD6289E4AE619D634AA6AD804C765A3DEE1CCABCC50D'
*
ERROR at line 1:
ORA-00600: internal error code, arguments: [kzsviver:2], [], [], [], [], [],
[], [], [], [], [], []
--少寫了S:,直接報ORA-600錯誤,懷疑S:是spare4列的某種標識
SQL>
SQL>
SQL>
SQL> alter user xifenfei identified by values 'S:6E34E993900317BBFD6289E4AE619D634AA6AD804C765A3DEE1CCABCC50D';
User altered.
SQL> select spare4,password from user$ where name='XIFENFEI';
SPARE4
--------------------------------------------------------------------------------
PASSWORD
------------------------------
S:6E34E993900317BBFD6289E4AE619D634AA6AD804C765A3DEE1CCABCC50D
SQL> conn xifenfei/oracle
Connected.
SQL> conn xifenfei/ORACLE
ERROR:
ORA-01017: invalid username/password; logon denied
Warning: You are no longer connected to ORACLE.
SQL> conn xifenfei/xifenfei
ERROR:
ORA-01017: invalid username/password; logon denied
這裡發現通過values user$.spare4恢複以前密碼後,user$.password列為空白,但是密碼依舊區分大小寫。這裡可以看出來,user$.password項以後可能取消掉,為了相容性,因此Oracle在後續版本中依舊保留.
關於oracle 11G中恢複以前密碼操作總結
1. 通過values user$.password恢複以前密碼後,不區分大小寫
2. 通過values user$.spare4恢複以前密碼後,區分大小寫
3. 目前兩種方式都可以實現11g恢複以前密碼,但是推薦使用user$.spare4值修改
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
