课程第50/51次（2017-07-08星期六上下午）

botang

上完1Z0-052第11章
开始导入和导出
1Z0-052共19章（上完16章），1Z0-053共21章（上完17章）和1Z0-063多租户部分共9章（上完0章）
总共上完全部49章中的33章

1. select  u.USERNAME,u.ACCOUNT_STATUS,u.EXPIRY_DATE,u.LOCK_DATE
   
2. from dba_users u
   
3. where u.USERNAME='HR';
   
4. 
   
5.          
   
6.                         
   
7. ALTER PROFILE "PROFILE1" LIMIT PASSWORD_REUSE_MAX 1
   
8. PASSWORD_REUSE_TIME 0.013888889;
   
9. 
   
10. 
    
11. 
    
12. select  * from dba_profiles p where p.RESOURCE_TYPE='PASSWORD'
    
13. and p.PROFILE='PROFILE1';

复制代码

1. CREATE OR REPLACE FUNCTION verify_function_11G
   
2. (username varchar2,
   
3.   password varchar2,
   
4.   old_password varchar2)
   
5.   RETURN boolean IS
   
6.    n boolean;
   
7.    m integer;
   
8.    differ integer;
   
9.    isdigit boolean;
   
10.    ischar  boolean;
    
11.    ispunct boolean;
    
12.    db_name varchar2(40);
    
13.    digitarray varchar2(20);
    
14.    punctarray varchar2(25);
    
15.    chararray varchar2(52);
    
16.    i_char varchar2(10);
    
17.    simple_password varchar2(10);
    
18.    reverse_user varchar2(32);
    
19. 
    
20. BEGIN
    
21.    digitarray:= '0123456789';
    
22.    chararray:= 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    
23. 
    
24.    -- Check for the minimum length of the password
    
25.    IF length(password) < 8 THEN
    
26.       raise_application_error(-20001, 'Password length less than 8');
    
27.    END IF;
    
28. 
    
29. 
    
30.    -- Check if the password is same as the username or username(1-100)
    
31.    IF NLS_LOWER(password) = NLS_LOWER(username) THEN
    
32.      raise_application_error(-20002, 'Password same as or similar to user');
    
33.    END IF;
    
34.    FOR i IN 1..100 LOOP
    
35.       i_char := to_char(i);
    
36.       if NLS_LOWER(username)|| i_char = NLS_LOWER(password) THEN
    
37.         raise_application_error(-20005, 'Password same as or similar to user name ');
    
38.       END IF;
    
39.     END LOOP;
    
40. 
    
41.    -- Check if the password is same as the username reversed
    
42.    
    
43.    FOR i in REVERSE 1..length(username) LOOP
    
44.      reverse_user := reverse_user || substr(username, i, 1);
    
45.    END LOOP;
    
46.    IF NLS_LOWER(password) = NLS_LOWER(reverse_user) THEN
    
47.      raise_application_error(-20003, 'Password same as username reversed');
    
48.    END IF;
    
49. 
    
50.    -- Check if the password is the same as server name and or servername(1-100)
    
51.    select name into db_name from sys.v$database;
    
52.    if NLS_LOWER(db_name) = NLS_LOWER(password) THEN
    
53.       raise_application_error(-20004, 'Password same as or similar to server name');
    
54.    END IF;
    
55.    FOR i IN 1..100 LOOP
    
56.       i_char := to_char(i);
    
57.       if NLS_LOWER(db_name)|| i_char = NLS_LOWER(password) THEN
    
58.         raise_application_error(-20005, 'Password same as or similar to server name ');
    
59.       END IF;
    
60.     END LOOP;
    
61. 
    
62.    -- Check if the password is too simple. A dictionary of words may be
    
63.    -- maintained and a check may be made so as not to allow the words
    
64.    -- that are too simple for the password.
    
65.    IF NLS_LOWER(password) IN ('welcome1', 'database1', 'account1', 'user1234', 'password1', 'oracle123', 'computer1', 'abcdefg1', 'change_on_install') THEN
    
66.       raise_application_error(-20006, 'Password too simple');
    
67.    END IF;
    
68. 
    
69.    -- Check if the password is the same as oracle (1-100)
    
70.     simple_password := 'oracle';
    
71.     FOR i IN 1..100 LOOP
    
72.       i_char := to_char(i);
    
73.       if simple_password || i_char = NLS_LOWER(password) THEN
    
74.         raise_application_error(-20007, 'Password too simple ');
    
75.       END IF;
    
76.     END LOOP;
    
77. 
    
78.    -- Check if the password contains at least one letter, one digit
    
79.    -- 1. Check for the digit
    
80.    isdigit:=FALSE;
    
81.    m := length(password);
    
82.    FOR i IN 1..10 LOOP
    
83.       FOR j IN 1..m LOOP
    
84.          IF substr(password,j,1) = substr(digitarray,i,1) THEN
    
85.             isdigit:=TRUE;
    
86.              GOTO findchar;
    
87.          END IF;
    
88.       END LOOP;
    
89.    END LOOP;
    
90. 
    
91.    IF isdigit = FALSE THEN
    
92.       raise_application_error(-20008, 'Password must contain at least one digit, one character');
    
93.    END IF;
    
94.    -- 2. Check for the character
    
95.    <<findchar>>
    
96.    ischar:=FALSE;
    
97.    FOR i IN 1..length(chararray) LOOP
    
98.       FOR j IN 1..m LOOP
    
99.          IF substr(password,j,1) = substr(chararray,i,1) THEN
    
100.             ischar:=TRUE;
     
101.              GOTO endsearch;
     
102.          END IF;
     
103.       END LOOP;
     
104.    END LOOP;
     
105.    IF ischar = FALSE THEN
     
106.       raise_application_error(-20009, 'Password must contain at least one \
     
107.               digit, and one character');
     
108.    END IF;
     
109. 
     
110. 
     
111.    <<endsearch>>
     
112.    -- Check if the password differs from the previous password by at least
     
113.    -- 3 letters
     
114.    IF old_password IS NOT NULL THEN
     
115.      differ := length(old_password) - length(password);
     
116. 
     
117.      differ := abs(differ);
     
118.      IF differ < 3 THEN
     
119.        IF length(password) < length(old_password) THEN
     
120.          m := length(password);
     
121.        ELSE
     
122.          m := length(old_password);
     
123.        END IF;
     
124. 
     
125.        FOR i IN 1..m LOOP
     
126.          IF substr(password,i,1) != substr(old_password,i,1) THEN
     
127.            differ := differ + 1;
     
128.          END IF;
     
129.        END LOOP;
     
130. 
     
131.        IF differ < 3 THEN
     
132.          raise_application_error(-20011, 'Password should differ from the \
     
133.             old password by at least 3 characters');
     
134.        END IF;
     
135.      END IF;
     
136.    END IF;
     
137.    -- Everything is fine; return TRUE ;   
     
138.    RETURN(TRUE);
     
139. END;
     
140. /

复制代码

1. CREATE OR REPLACE FUNCTION verify_function
   
2. (username varchar2,
   
3.   password varchar2,
   
4.   old_password varchar2)
   
5.   RETURN boolean IS
   
6.    n boolean;
   
7.    m integer;
   
8.    differ integer;
   
9.    isdigit boolean;
   
10.    ischar  boolean;
    
11.    ispunct boolean;
    
12.    digitarray varchar2(20);
    
13.    punctarray varchar2(25);
    
14.    chararray varchar2(52);
    
15. 
    
16. BEGIN
    
17.    digitarray:= '0123456789';
    
18.    chararray:= 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    
19.    punctarray:='!"#$%&()``*+,-/:;<=>?_';
    
20. 
    
21.    -- Check if the password is same as the username
    
22.    IF NLS_LOWER(password) = NLS_LOWER(username) THEN
    
23.      raise_application_error(-20001, 'Password same as or similar to user');
    
24.    END IF;
    
25. 
    
26.    -- Check for the minimum length of the password
    
27.    IF length(password) < 4 THEN
    
28.       raise_application_error(-20002, 'Password length less than 4');
    
29.    END IF;
    
30. 
    
31.    -- Check if the password is too simple. A dictionary of words may be
    
32.    -- maintained and a check may be made so as not to allow the words
    
33.    -- that are too simple for the password.
    
34.    IF NLS_LOWER(password) IN ('welcome', 'database', 'account', 'user', 'password', 'oracle', 'computer', 'abcd') THEN
    
35.       raise_application_error(-20002, 'Password too simple');
    
36.    END IF;
    
37. 
    
38.    -- Check if the password contains at least one letter, one digit and one
    
39.    -- punctuation mark.
    
40.    -- 1. Check for the digit
    
41.    isdigit:=FALSE;
    
42.    m := length(password);
    
43.    FOR i IN 1..10 LOOP
    
44.       FOR j IN 1..m LOOP
    
45.          IF substr(password,j,1) = substr(digitarray,i,1) THEN
    
46.             isdigit:=TRUE;
    
47.              GOTO findchar;
    
48.          END IF;
    
49.       END LOOP;
    
50.    END LOOP;
    
51.    IF isdigit = FALSE THEN
    
52.       raise_application_error(-20003, 'Password should contain at least one digit, one character and one punctuation');
    
53.    END IF;
    
54.    -- 2. Check for the character
    
55.    <<findchar>>
    
56.    ischar:=FALSE;
    
57.    FOR i IN 1..length(chararray) LOOP
    
58.       FOR j IN 1..m LOOP
    
59.          IF substr(password,j,1) = substr(chararray,i,1) THEN
    
60.             ischar:=TRUE;
    
61.              GOTO findpunct;
    
62.          END IF;
    
63.       END LOOP;
    
64.    END LOOP;
    
65.    IF ischar = FALSE THEN
    
66.       raise_application_error(-20003, 'Password should contain at least one \
    
67.               digit, one character and one punctuation');
    
68.    END IF;
    
69.    -- 3. Check for the punctuation
    
70.    <<findpunct>>
    
71.    ispunct:=FALSE;
    
72.    FOR i IN 1..length(punctarray) LOOP
    
73.       FOR j IN 1..m LOOP
    
74.          IF substr(password,j,1) = substr(punctarray,i,1) THEN
    
75.             ispunct:=TRUE;
    
76.              GOTO endsearch;
    
77.          END IF;
    
78.       END LOOP;
    
79.    END LOOP;
    
80.    IF ispunct = FALSE THEN
    
81.       raise_application_error(-20003, 'Password should contain at least one \
    
82.               digit, one character and one punctuation');
    
83.    END IF;
    
84. 
    
85.    <<endsearch>>
    
86.    -- Check if the password differs from the previous password by at least
    
87.    -- 3 letters
    
88.    IF old_password IS NOT NULL THEN
    
89.      differ := length(old_password) - length(password);
    
90. 
    
91.      IF abs(differ) < 3 THEN
    
92.        IF length(password) < length(old_password) THEN
    
93.          m := length(password);
    
94.        ELSE
    
95.          m := length(old_password);
    
96.        END IF;
    
97. 
    
98.        differ := abs(differ);
    
99.        FOR i IN 1..m LOOP
    
100.          IF substr(password,i,1) != substr(old_password,i,1) THEN
     
101.            differ := differ + 1;
     
102.          END IF;
     
103.        END LOOP;
     
104. 
     
105.        IF differ < 3 THEN
     
106.          raise_application_error(-20004, 'Password should differ by at \
     
107.          least 3 characters');
     
108.        END IF;
     
109.      END IF;
     
110.    END IF;
     
111.    -- Everything is fine; return TRUE ;   
     
112.    RETURN(TRUE);
     
113. END;
     
114. /
     
115. 
     
116. -- This script alters the default parameters for Password Management
     
117. -- This means that all the users on the system have Password Management
     
118. -- enabled and set to the following values unless another profile is
     
119. -- created with parameter values set to different value or UNLIMITED
     
120. -- is created and assigned to the user.
     
121. 
     
122. -- Enable this if you want older version of the Password Profile parameters
     
123. -- ALTER PROFILE DEFAULT LIMIT
     
124. -- PASSWORD_LIFE_TIME 60
     
125. -- PASSWORD_GRACE_TIME 10
     
126. -- PASSWORD_REUSE_TIME 1800
     
127. -- PASSWORD_REUSE_MAX UNLIMITED
     
128. -- FAILED_LOGIN_ATTEMPTS 3
     
129. -- PASSWORD_LOCK_TIME 1/1440
     
130. -- PASSWORD_VERIFY_FUNCTION verify_function;

复制代码

AUDIT：

1. select  * from dba_audit_trail;
   
2. 
   
3. select *
   
4.   from dba_views  v
   
5.   where v.VIEW_NAME='DBA_AUDIT_TRAIL';
   
6.   
   
7. create tablespace tbsaudit datafile '/u01/app/oracle/oradata/orcl/tbsaudit.dbf'
   
8. size 100M;
   
9. 
   
10. alter table aud$ move tablespace  tbsaudit;
    
11. 
    
12. --------------------------------
    
13. select  * from dict where table_name like '%AUDIT%OPTS';
    
14. 
    
15. select  * from dba_priv_audit_opts;
    
16. 
    
17. select  * from dba_obj_audit_opts  ;
    
18. 
    
19. select  * from dba_stmt_audit_opts;
    
20. 
    
21. -----
    
22. 
    
23. grant select any table to user1;
    
24. 
    
25. ---
    
26. 
    
27. noaudit select any table by hr;
    
28. 
    
29. audit select any table by user1 by access;
    
30. ---------------
    
31. 
    
32. --------
    
33. select  * from dba_audit_trail  order by 5 desc;
    
34. 
    
35. ----------------
    
36. 
    
37. select  * from dba_audit_trail;
    
38. 
    
39. select *
    
40.   from dba_views  v
    
41.   where v.VIEW_NAME='DBA_AUDIT_TRAIL';
    
42.   
    
43. create tablespace tbsaudit datafile '/u01/app/oracle/oradata/orcl/tbsaudit.dbf'
    
44. size 100M;
    
45. 
    
46. alter table aud$ move tablespace  tbsaudit;
    
47. 
    
48. --------------------------------
    
49. select  * from dict where table_name like '%AUDIT%OPTS';
    
50. 
    
51. select  * from dba_priv_audit_opts;
    
52. 
    
53. select  * from dba_obj_audit_opts  ;
    
54. 
    
55. select  * from dba_stmt_audit_opts;
    
56. 
    
57. -----
    
58. 
    
59. grant select any table to user1;
    
60. 
    
61. ---
    
62. 
    
63. noaudit select any table by hr;
    
64. 
    
65. audit select any table by user1 by access;
    
66. ---------------
    
67. 
    
68. --------
    
69. select  * from dba_audit_trail  order by 5 desc;
    
70. ----
    
71. 
    
72. noaudit select any table by user1;
    
73. ----------------
    
74. audit select any table by user1 by session whenever successful  ;
    
75. 
    
76. -------------------------------
    
77. 
    
78. select  * from dba_priv_audit_opts;
    
79. 
    
80. select  * from dba_obj_audit_opts where owner='HR' ;
    
81. 
    
82. select  * from dba_stmt_audit_opts
    
83. minus
    
84. select  * from dba_priv_audit_opts;
    
85. 
    
86. select  * from dba_audit_trail  order by 5 desc;
    
87. 
    
88. ---
    
89. 
    
90. audit table by hr by access;
    
91. 
    
92. ---------------------
    
93. 
    
94. select  * from v$xml_audit_trail  order by 6 desc ;
    
95. 
    
96. audit  update  on hr.employees;
    
97. -----
    
98. select  * from dba_common_audit_trail  order by 6 desc;
    
99. 
    
100. 
     
101. 
     
102. ------------------
     
103. 
     
104. 
     
105. select  * from v$xml_audit_trail     where db_user='HR'  order by 6 desc ;
     
106. 
     
107. audit  update  on hr.employees;
     
108. -----
     
109. select  * from dba_common_audit_trail   where db_user='HR'    order by 6 desc;
     
110. 
     
111.    
     
112.    begin
     
113.       dbms_fga.add_policy(object_schema => 'HR',
     
114.       object_name => 'EMPLOYEES',
     
115.       policy_name => 'POLICY1',
     
116.       audit_condition => 'department_id=20',
     
117.       audit_column => 'SALARY,COMMISSION_PCT',
     
118.       handler_schema => 'SYS',
     
119.       handler_module => 'PROC_FGA',
     
120.       enable => true,
     
121.       statement_types => 'SELECT,UPDATE',
     
122.       audit_trail => dbms_fga.DB_EXTENDED,
     
123.       audit_column_opts => dbms_fga.ALL_COLUMNS);
     
124.       end;
     
125. 
     
126. 
     
127. 
     
128. ----
     
129. select   * from dba_audit_policies;
     
130. 
     
131. -----
     
132. select  sys_context('userenv','os_user')||' '||user||' '
     
133.     ||sysdate||' modified '' '||sys_context('userenv','ip_address')
     
134.      from dual;
     
135. 
     
136. 
     
137. 
     
138. create or replace procedure proc_fga
     
139. (p_1 varchar2 , p_2 varchar2 , p_3 varchar2)
     
140. is
     
141. begin
     
142. insert into t_fga values (sys_context('userenv','os_user')||' '||user||' '
     
143.     ||sysdate||' modified '' '||sys_context('userenv','ip_address')||p_1||' '||
     
144.    p_2||' '||p_3 );
     
145. end;
     
146. 
     
147. 
     
148. ---------------
     
149. 
     
150. 
     
151. create or replace procedure proc_fga
     
152. (p_1 varchar2 , p_2 varchar2 , p_3 varchar2)
     
153. is
     
154. begin
     
155. insert into t_fga values (sys_context('userenv','os_user')||' '||user||' '
     
156.     ||sysdate||' modified '' '||sys_context('userenv','ip_address')||p_1||' '||
     
157.    p_2||' '||p_3 );
     
158. end;
     
159.   
     
160. ------------
     
161. 
     
162. select  * from dba_common_audit_trail   where db_user='HR'    order by 6 desc;
     
163. 
     
164. ----
     
165. 
     
166. select  * from dba_obj_audit_opts o
     
167. where o.owner='HR';
     
168. 
     
169. 
     
170. select  * from dba_common_audit_trail   where db_user='HR'    order by 6 desc;
     
171. -----
     
172. create table t_value ( a varchar2(200))  tablespace tbsaudit;
     
173. 
     
174. ----
     
175. 
     
176. create or replace trigger  trg_value
     
177. after update of salary on hr.employees
     
178. referencing new as new old as old
     
179. for each row
     
180. begin
     
181.   if :old.salary != :new.salary then
     
182.      insert into t_value
     
183.       values (  sys_context('userenv','os_user')||
     
184.                      ' '||user||'current_user '
     
185.                      ||sys_context('userenv','current_user')  
     
186.                      ||'session user: '||sys_context('userenv','session_user')
     
187.                      ||sysdate||' modified '||:new.salary||' '||:old.salary||' '
     
188.                      ||sys_context('userenv','ip_address')    );      
     
189.   end if;
     
190. end;
     
191. 
     
192. 
     
193. select  * from t_value;
     
194. 
     
195. ---------------------------
     
196. 
     
197. 
     
198. create table t_value ( a varchar2(200))  tablespace tbsaudit;
     
199. 
     
200. ----
     
201. 
     
202. create or replace trigger  trg_value
     
203. after update of salary on hr.employees
     
204. referencing new as new old as old
     
205. for each row
     
206. begin
     
207.   if :old.salary != :new.salary then
     
208.      insert into t_value
     
209.       values (  sys_context('userenv','os_user')||
     
210.                      ' '||user||'current_user '
     
211.                      ||sys_context('userenv','current_user')  
     
212.                      ||'session user: '||sys_context('userenv','session_user')
     
213.                      ||sysdate||' modified '||:new.salary||' '||:old.salary||' '
     
214.                      ||sys_context('userenv','ip_address')    );      
     
215.   end if;
     
216. end;
     
217. 
     
218. 
     
219. select  * from t_value;
     
220. 
     
221. select  * from dba_triggers;
     
222. 
     
223. alter trigger trg_value disable;
     
224. 
     
225. select  * from dba_source s where s.OWNER='SYS'
     
226. and s.NAME='TRG_VALUE';
     
227. 
     
228. alter trigger trg_value enable;
     
229. 
     
230. 
     

复制代码