Bo's Oracle Station

查看: 2935|回复: 0

课程第50/51次(2017-07-08星期六上下午)

[复制链接]

1005

主题

1469

帖子

1万

积分

管理员

Rank: 9Rank: 9Rank: 9

积分
12012
发表于 2017-7-10 17:00:22 | 显示全部楼层 |阅读模式
上完1Z0-052第11章
开始导入和导出
1Z0-052
19章(上完16章),1Z0-05321章(上完17章)和1Z0-063多租户部分共9章(上完0章)
总共上完全部49章中的33
  1. select  u.USERNAME,u.ACCOUNT_STATUS,u.EXPIRY_DATE,u.LOCK_DATE
  2. from dba_users u
  3. where u.USERNAME='HR';

  4.          
  5.                         
  6. ALTER PROFILE "PROFILE1" LIMIT PASSWORD_REUSE_MAX 1
  7. PASSWORD_REUSE_TIME 0.013888889;



  8. select  * from dba_profiles p where p.RESOURCE_TYPE='PASSWORD'
  9. and p.PROFILE='PROFILE1';
复制代码
  1. CREATE OR REPLACE FUNCTION verify_function_11G
  2. (username varchar2,
  3.   password varchar2,
  4.   old_password varchar2)
  5.   RETURN boolean IS
  6.    n boolean;
  7.    m integer;
  8.    differ integer;
  9.    isdigit boolean;
  10.    ischar  boolean;
  11.    ispunct boolean;
  12.    db_name varchar2(40);
  13.    digitarray varchar2(20);
  14.    punctarray varchar2(25);
  15.    chararray varchar2(52);
  16.    i_char varchar2(10);
  17.    simple_password varchar2(10);
  18.    reverse_user varchar2(32);

  19. BEGIN
  20.    digitarray:= '0123456789';
  21.    chararray:= 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';

  22.    -- Check for the minimum length of the password
  23.    IF length(password) < 8 THEN
  24.       raise_application_error(-20001, 'Password length less than 8');
  25.    END IF;


  26.    -- Check if the password is same as the username or username(1-100)
  27.    IF NLS_LOWER(password) = NLS_LOWER(username) THEN
  28.      raise_application_error(-20002, 'Password same as or similar to user');
  29.    END IF;
  30.    FOR i IN 1..100 LOOP
  31.       i_char := to_char(i);
  32.       if NLS_LOWER(username)|| i_char = NLS_LOWER(password) THEN
  33.         raise_application_error(-20005, 'Password same as or similar to user name ');
  34.       END IF;
  35.     END LOOP;

  36.    -- Check if the password is same as the username reversed
  37.    
  38.    FOR i in REVERSE 1..length(username) LOOP
  39.      reverse_user := reverse_user || substr(username, i, 1);
  40.    END LOOP;
  41.    IF NLS_LOWER(password) = NLS_LOWER(reverse_user) THEN
  42.      raise_application_error(-20003, 'Password same as username reversed');
  43.    END IF;

  44.    -- Check if the password is the same as server name and or servername(1-100)
  45.    select name into db_name from sys.v$database;
  46.    if NLS_LOWER(db_name) = NLS_LOWER(password) THEN
  47.       raise_application_error(-20004, 'Password same as or similar to server name');
  48.    END IF;
  49.    FOR i IN 1..100 LOOP
  50.       i_char := to_char(i);
  51.       if NLS_LOWER(db_name)|| i_char = NLS_LOWER(password) THEN
  52.         raise_application_error(-20005, 'Password same as or similar to server name ');
  53.       END IF;
  54.     END LOOP;

  55.    -- Check if the password is too simple. A dictionary of words may be
  56.    -- maintained and a check may be made so as not to allow the words
  57.    -- that are too simple for the password.
  58.    IF NLS_LOWER(password) IN ('welcome1', 'database1', 'account1', 'user1234', 'password1', 'oracle123', 'computer1', 'abcdefg1', 'change_on_install') THEN
  59.       raise_application_error(-20006, 'Password too simple');
  60.    END IF;

  61.    -- Check if the password is the same as oracle (1-100)
  62.     simple_password := 'oracle';
  63.     FOR i IN 1..100 LOOP
  64.       i_char := to_char(i);
  65.       if simple_password || i_char = NLS_LOWER(password) THEN
  66.         raise_application_error(-20007, 'Password too simple ');
  67.       END IF;
  68.     END LOOP;

  69.    -- Check if the password contains at least one letter, one digit
  70.    -- 1. Check for the digit
  71.    isdigit:=FALSE;
  72.    m := length(password);
  73.    FOR i IN 1..10 LOOP
  74.       FOR j IN 1..m LOOP
  75.          IF substr(password,j,1) = substr(digitarray,i,1) THEN
  76.             isdigit:=TRUE;
  77.              GOTO findchar;
  78.          END IF;
  79.       END LOOP;
  80.    END LOOP;

  81.    IF isdigit = FALSE THEN
  82.       raise_application_error(-20008, 'Password must contain at least one digit, one character');
  83.    END IF;
  84.    -- 2. Check for the character
  85.    <<findchar>>
  86.    ischar:=FALSE;
  87.    FOR i IN 1..length(chararray) LOOP
  88.       FOR j IN 1..m LOOP
  89.          IF substr(password,j,1) = substr(chararray,i,1) THEN
  90.             ischar:=TRUE;
  91.              GOTO endsearch;
  92.          END IF;
  93.       END LOOP;
  94.    END LOOP;
  95.    IF ischar = FALSE THEN
  96.       raise_application_error(-20009, 'Password must contain at least one \
  97.               digit, and one character');
  98.    END IF;


  99.    <<endsearch>>
  100.    -- Check if the password differs from the previous password by at least
  101.    -- 3 letters
  102.    IF old_password IS NOT NULL THEN
  103.      differ := length(old_password) - length(password);

  104.      differ := abs(differ);
  105.      IF differ < 3 THEN
  106.        IF length(password) < length(old_password) THEN
  107.          m := length(password);
  108.        ELSE
  109.          m := length(old_password);
  110.        END IF;

  111.        FOR i IN 1..m LOOP
  112.          IF substr(password,i,1) != substr(old_password,i,1) THEN
  113.            differ := differ + 1;
  114.          END IF;
  115.        END LOOP;

  116.        IF differ < 3 THEN
  117.          raise_application_error(-20011, 'Password should differ from the \
  118.             old password by at least 3 characters');
  119.        END IF;
  120.      END IF;
  121.    END IF;
  122.    -- Everything is fine; return TRUE ;   
  123.    RETURN(TRUE);
  124. END;
  125. /
复制代码
  1. CREATE OR REPLACE FUNCTION verify_function
  2. (username varchar2,
  3.   password varchar2,
  4.   old_password varchar2)
  5.   RETURN boolean IS
  6.    n boolean;
  7.    m integer;
  8.    differ integer;
  9.    isdigit boolean;
  10.    ischar  boolean;
  11.    ispunct boolean;
  12.    digitarray varchar2(20);
  13.    punctarray varchar2(25);
  14.    chararray varchar2(52);

  15. BEGIN
  16.    digitarray:= '0123456789';
  17.    chararray:= 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
  18.    punctarray:='!"#$%&()``*+,-/:;<=>?_';

  19.    -- Check if the password is same as the username
  20.    IF NLS_LOWER(password) = NLS_LOWER(username) THEN
  21.      raise_application_error(-20001, 'Password same as or similar to user');
  22.    END IF;

  23.    -- Check for the minimum length of the password
  24.    IF length(password) < 4 THEN
  25.       raise_application_error(-20002, 'Password length less than 4');
  26.    END IF;

  27.    -- Check if the password is too simple. A dictionary of words may be
  28.    -- maintained and a check may be made so as not to allow the words
  29.    -- that are too simple for the password.
  30.    IF NLS_LOWER(password) IN ('welcome', 'database', 'account', 'user', 'password', 'oracle', 'computer', 'abcd') THEN
  31.       raise_application_error(-20002, 'Password too simple');
  32.    END IF;

  33.    -- Check if the password contains at least one letter, one digit and one
  34.    -- punctuation mark.
  35.    -- 1. Check for the digit
  36.    isdigit:=FALSE;
  37.    m := length(password);
  38.    FOR i IN 1..10 LOOP
  39.       FOR j IN 1..m LOOP
  40.          IF substr(password,j,1) = substr(digitarray,i,1) THEN
  41.             isdigit:=TRUE;
  42.              GOTO findchar;
  43.          END IF;
  44.       END LOOP;
  45.    END LOOP;
  46.    IF isdigit = FALSE THEN
  47.       raise_application_error(-20003, 'Password should contain at least one digit, one character and one punctuation');
  48.    END IF;
  49.    -- 2. Check for the character
  50.    <<findchar>>
  51.    ischar:=FALSE;
  52.    FOR i IN 1..length(chararray) LOOP
  53.       FOR j IN 1..m LOOP
  54.          IF substr(password,j,1) = substr(chararray,i,1) THEN
  55.             ischar:=TRUE;
  56.              GOTO findpunct;
  57.          END IF;
  58.       END LOOP;
  59.    END LOOP;
  60.    IF ischar = FALSE THEN
  61.       raise_application_error(-20003, 'Password should contain at least one \
  62.               digit, one character and one punctuation');
  63.    END IF;
  64.    -- 3. Check for the punctuation
  65.    <<findpunct>>
  66.    ispunct:=FALSE;
  67.    FOR i IN 1..length(punctarray) LOOP
  68.       FOR j IN 1..m LOOP
  69.          IF substr(password,j,1) = substr(punctarray,i,1) THEN
  70.             ispunct:=TRUE;
  71.              GOTO endsearch;
  72.          END IF;
  73.       END LOOP;
  74.    END LOOP;
  75.    IF ispunct = FALSE THEN
  76.       raise_application_error(-20003, 'Password should contain at least one \
  77.               digit, one character and one punctuation');
  78.    END IF;

  79.    <<endsearch>>
  80.    -- Check if the password differs from the previous password by at least
  81.    -- 3 letters
  82.    IF old_password IS NOT NULL THEN
  83.      differ := length(old_password) - length(password);

  84.      IF abs(differ) < 3 THEN
  85.        IF length(password) < length(old_password) THEN
  86.          m := length(password);
  87.        ELSE
  88.          m := length(old_password);
  89.        END IF;

  90.        differ := abs(differ);
  91.        FOR i IN 1..m LOOP
  92.          IF substr(password,i,1) != substr(old_password,i,1) THEN
  93.            differ := differ + 1;
  94.          END IF;
  95.        END LOOP;

  96.        IF differ < 3 THEN
  97.          raise_application_error(-20004, 'Password should differ by at \
  98.          least 3 characters');
  99.        END IF;
  100.      END IF;
  101.    END IF;
  102.    -- Everything is fine; return TRUE ;   
  103.    RETURN(TRUE);
  104. END;
  105. /

  106. -- This script alters the default parameters for Password Management
  107. -- This means that all the users on the system have Password Management
  108. -- enabled and set to the following values unless another profile is
  109. -- created with parameter values set to different value or UNLIMITED
  110. -- is created and assigned to the user.

  111. -- Enable this if you want older version of the Password Profile parameters
  112. -- ALTER PROFILE DEFAULT LIMIT
  113. -- PASSWORD_LIFE_TIME 60
  114. -- PASSWORD_GRACE_TIME 10
  115. -- PASSWORD_REUSE_TIME 1800
  116. -- PASSWORD_REUSE_MAX UNLIMITED
  117. -- FAILED_LOGIN_ATTEMPTS 3
  118. -- PASSWORD_LOCK_TIME 1/1440
  119. -- PASSWORD_VERIFY_FUNCTION verify_function;
复制代码

AUDIT:
  1. select  * from dba_audit_trail;

  2. select *
  3.   from dba_views  v
  4.   where v.VIEW_NAME='DBA_AUDIT_TRAIL';
  5.   
  6. create tablespace tbsaudit datafile '/u01/app/oracle/oradata/orcl/tbsaudit.dbf'
  7. size 100M;

  8. alter table aud$ move tablespace  tbsaudit;

  9. --------------------------------
  10. select  * from dict where table_name like '%AUDIT%OPTS';

  11. select  * from dba_priv_audit_opts;

  12. select  * from dba_obj_audit_opts  ;

  13. select  * from dba_stmt_audit_opts;

  14. -----

  15. grant select any table to user1;

  16. ---

  17. noaudit select any table by hr;

  18. audit select any table by user1 by access;
  19. ---------------

  20. --------
  21. select  * from dba_audit_trail  order by 5 desc;

  22. ----------------

  23. select  * from dba_audit_trail;

  24. select *
  25.   from dba_views  v
  26.   where v.VIEW_NAME='DBA_AUDIT_TRAIL';
  27.   
  28. create tablespace tbsaudit datafile '/u01/app/oracle/oradata/orcl/tbsaudit.dbf'
  29. size 100M;

  30. alter table aud$ move tablespace  tbsaudit;

  31. --------------------------------
  32. select  * from dict where table_name like '%AUDIT%OPTS';

  33. select  * from dba_priv_audit_opts;

  34. select  * from dba_obj_audit_opts  ;

  35. select  * from dba_stmt_audit_opts;

  36. -----

  37. grant select any table to user1;

  38. ---

  39. noaudit select any table by hr;

  40. audit select any table by user1 by access;
  41. ---------------

  42. --------
  43. select  * from dba_audit_trail  order by 5 desc;
  44. ----

  45. noaudit select any table by user1;
  46. ----------------
  47. audit select any table by user1 by session whenever successful  ;

  48. -------------------------------

  49. select  * from dba_priv_audit_opts;

  50. select  * from dba_obj_audit_opts where owner='HR' ;

  51. select  * from dba_stmt_audit_opts
  52. minus
  53. select  * from dba_priv_audit_opts;

  54. select  * from dba_audit_trail  order by 5 desc;

  55. ---

  56. audit table by hr by access;

  57. ---------------------

  58. select  * from v$xml_audit_trail  order by 6 desc ;

  59. audit  update  on hr.employees;
  60. -----
  61. select  * from dba_common_audit_trail  order by 6 desc;



  62. ------------------


  63. select  * from v$xml_audit_trail     where db_user='HR'  order by 6 desc ;

  64. audit  update  on hr.employees;
  65. -----
  66. select  * from dba_common_audit_trail   where db_user='HR'    order by 6 desc;

  67.    
  68.    begin
  69.       dbms_fga.add_policy(object_schema => 'HR',
  70.       object_name => 'EMPLOYEES',
  71.       policy_name => 'POLICY1',
  72.       audit_condition => 'department_id=20',
  73.       audit_column => 'SALARY,COMMISSION_PCT',
  74.       handler_schema => 'SYS',
  75.       handler_module => 'PROC_FGA',
  76.       enable => true,
  77.       statement_types => 'SELECT,UPDATE',
  78.       audit_trail => dbms_fga.DB_EXTENDED,
  79.       audit_column_opts => dbms_fga.ALL_COLUMNS);
  80.       end;



  81. ----
  82. select   * from dba_audit_policies;

  83. -----
  84. select  sys_context('userenv','os_user')||' '||user||' '
  85.     ||sysdate||' modified '' '||sys_context('userenv','ip_address')
  86.      from dual;



  87. create or replace procedure proc_fga
  88. (p_1 varchar2 , p_2 varchar2 , p_3 varchar2)
  89. is
  90. begin
  91. insert into t_fga values (sys_context('userenv','os_user')||' '||user||' '
  92.     ||sysdate||' modified '' '||sys_context('userenv','ip_address')||p_1||' '||
  93.    p_2||' '||p_3 );
  94. end;


  95. ---------------


  96. create or replace procedure proc_fga
  97. (p_1 varchar2 , p_2 varchar2 , p_3 varchar2)
  98. is
  99. begin
  100. insert into t_fga values (sys_context('userenv','os_user')||' '||user||' '
  101.     ||sysdate||' modified '' '||sys_context('userenv','ip_address')||p_1||' '||
  102.    p_2||' '||p_3 );
  103. end;
  104.   
  105. ------------

  106. select  * from dba_common_audit_trail   where db_user='HR'    order by 6 desc;

  107. ----

  108. select  * from dba_obj_audit_opts o
  109. where o.owner='HR';


  110. select  * from dba_common_audit_trail   where db_user='HR'    order by 6 desc;
  111. -----
  112. create table t_value ( a varchar2(200))  tablespace tbsaudit;

  113. ----

  114. create or replace trigger  trg_value
  115. after update of salary on hr.employees
  116. referencing new as new old as old
  117. for each row
  118. begin
  119.   if :old.salary != :new.salary then
  120.      insert into t_value
  121.       values (  sys_context('userenv','os_user')||
  122.                      ' '||user||'current_user '
  123.                      ||sys_context('userenv','current_user')  
  124.                      ||'session user: '||sys_context('userenv','session_user')
  125.                      ||sysdate||' modified '||:new.salary||' '||:old.salary||' '
  126.                      ||sys_context('userenv','ip_address')    );      
  127.   end if;
  128. end;


  129. select  * from t_value;

  130. ---------------------------


  131. create table t_value ( a varchar2(200))  tablespace tbsaudit;

  132. ----

  133. create or replace trigger  trg_value
  134. after update of salary on hr.employees
  135. referencing new as new old as old
  136. for each row
  137. begin
  138.   if :old.salary != :new.salary then
  139.      insert into t_value
  140.       values (  sys_context('userenv','os_user')||
  141.                      ' '||user||'current_user '
  142.                      ||sys_context('userenv','current_user')  
  143.                      ||'session user: '||sys_context('userenv','session_user')
  144.                      ||sysdate||' modified '||:new.salary||' '||:old.salary||' '
  145.                      ||sys_context('userenv','ip_address')    );      
  146.   end if;
  147. end;


  148. select  * from t_value;

  149. select  * from dba_triggers;

  150. alter trigger trg_value disable;

  151. select  * from dba_source s where s.OWNER='SYS'
  152. and s.NAME='TRG_VALUE';

  153. alter trigger trg_value enable;


复制代码






回复

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

QQ|手机版|Bo's Oracle Station   

GMT+8, 2024-12-4 03:21 , Processed in 0.045900 second(s), 24 queries .

快速回复 返回顶部 返回列表