oracle安全性的參數(shù)是什么

oracle安全性的參數(shù)是什么，很多新手對(duì)此不是很清楚，為了幫助大家解決這個(gè)難題，下面小編將為大家詳細(xì)講解，有這方面需求的人可以來(lái)學(xué)習(xí)下，希望你能有所收獲。

Oracle Database11g 增加了一組新參數(shù)以加強(qiáng)數(shù)據(jù)庫(kù)的默認(rèn)安全性。這些參數(shù)是系統(tǒng)范圍的靜態(tài)參數(shù)。

（1）使用區(qū)分大小寫的口令以加強(qiáng)安全性

新參數(shù)SEC_CASE_SENSITIVE_LOGON使您可以設(shè)置區(qū)分大小寫的用戶口令。Oracle 建議保留默認(rèn)設(shè)置TRUE。將此參數(shù)設(shè)置為FALSE 可指定不區(qū)分大小寫的口令以實(shí)現(xiàn)向后兼容性。

ALTER SYSTEM SETSEC_CASE_SENSITIVE_LOGON = FALSE

注：禁用區(qū)分大小寫會(huì)使口令在強(qiáng)力攻擊面前變得更脆弱。

（2）防止拒絕服務(wù)(DoS) 攻擊

SEC_PROTOCOL_ERROR_FURTHER_ACTION參數(shù)：指定了要對(duì)客戶機(jī)連接執(zhí)行的操作：繼續(xù)、斷開連接或延遲接受請(qǐng)求。

SEC_PROTOCOL_ERROR_TRACE_ACTION參數(shù)：指定了監(jiān)視操作：NONE、TRACE、LOG 或ALERT。

（3）防止強(qiáng)力攻擊

新的初始化參數(shù)SEC_MAX_FAILED_LOGIN_ATTEMPTS的默認(rèn)設(shè)置為10，表示在連接嘗試達(dá)到指定次數(shù)后會(huì)自動(dòng)斷開連接。即使未啟用口令概要文件，也會(huì)強(qiáng)制實(shí)施此參數(shù)。

此參數(shù)可以防止程序連接到數(shù)據(jù)庫(kù)，然后成百上千次地嘗試口令以通過(guò)驗(yàn)證。

SEC_PROTOCOL_ERROR_FURTHER_ACTION

SEC_PROTOCOL_ERROR_FURTHER_ACTION  specifies the further execution of a server 

process when receiving bad packets from a possibly malicious client.

Values:

■ CONTINUE

The server process continues execution. The database server may be subject to a 

Denial of Service (DoS) if bad packets cont inue to be sent by a malicious client.

■ (DELAY,integer)

The client experiences a delay of  integer  seconds before the server process accepts 

the next request from the same client co nnection. Malicious cl ients are prevented 

from excessive consumption of server resources while legitimate clients experience 

a degradation in performance but can continue to function.

■ (DROP, integer)

The server forcefully terminates the client connection after  integer  cumulative bad 

packets. The server protects itself at the ex pense of the client (for example, a client 

transaction may be lost). The client may reconnect and attempt the same 

operation.

Property Description

Parameter type Integer

Default value 10

Modifiable No

Range of values 1 to unlimited

Basic No

Property Description

Parameter type String

Syntax SEC_PROTOCOL_ERROR_FURTHER_ACTION = { CONTINUE | 

(DELAY,integer) | (DROP, integer) }

Default value CONTINUE

Modifiable ALTER SESSION ,  ALTER SYSTEM

Basic No

SEC_PROTOCOL_ERROR_TRACE_ACTION

1-154 Oracle Database Reference

SEC_PROTOCOL_ERROR_TRACE_ACTION

SEC_PROTOCOL_ERROR_TRACE_ACTION  specifies the action th at the database should 

take when bad packets are received  from a possibly malicious client.

Values:

■ NONE

The database server ignores the bad packets and does not generate any trace files 

or log messages.

■ TRACE

A detailed trace file is generated when bad packets are received, which can be 

used to debug any problems in client/server communication.

■ LOG

A minimal log message is printed in the alert logfile and in the server trace file. A 

minimal amount of disk space is used.

■ ALERT

An alert message is sent to a DBA or monitoring console.

看完上述內(nèi)容是否對(duì)您有幫助呢？如果還想對(duì)相關(guān)知識(shí)有進(jìn)一步的了解或閱讀更多相關(guān)文章，請(qǐng)關(guān)注億速云行業(yè)資訊頻道，感謝您對(duì)億速云的支持。