“As of Oracle Database 12c Release 2, the SEC_CASE_SENSITIVE_LOGON parameter is deprecated. Case-sensitive passwords are always enforced and cannot be disabled.”
迁移建议
升级到12c+的处理方案:
-- 1. 检查现有密码兼容性
SELECT username FROM dba_users
WHERE password_versions NOT LIKE '%12%';
-- 2. 批量重置密码(如需)
BEGIN
FOR r IN (SELECT username FROM dba_users WHERE account_status='OPEN') LOOP
EXECUTE IMMEDIATE 'ALTER USER '||r.username||' IDENTIFIED BY "NewPass123"';
END LOOP;
END;
ALTER SYSTEM SET ldap_directory_access = 'PASSWORD';
配置全局认证模块:
-- 使用Oracle Kerberos适配器
实施代理认证:
ALTER USER app_user GRANT CONNECT THROUGH proxy_user;
检查当前版本实际行为的方法
-- 方法1:测试密码敏感性(需实际尝试)
DECLARE
v_count NUMBER;
BEGIN
BEGIN
EXECUTE IMMEDIATE 'CREATE USER testuser IDENTIFIED BY "Test123"';
EXECUTE IMMEDIATE 'GRANT CREATE SESSION TO testuser';
BEGIN
EXECUTE IMMEDIATE 'CONNECT testuser/test123';
DBMS_OUTPUT.PUT_LINE('Case-insensitive allowed (unexpected)');
EXCEPTION
WHEN OTHERS THEN
DBMS_OUTPUT.PUT_LINE('Case-sensitive enforced (expected)');
END;
EXECUTE IMMEDIATE 'DROP USER testuser';
EXCEPTION
WHEN OTHERS THEN
DBMS_OUTPUT.PUT_LINE('Setup failed: '||SQLERRM);
END;
END;
/
-- 方法2:检查参数元数据(12c+)
SELECT name, isdeprecated, description
FROM v$parameter
WHERE name = 'sec_case_sensitive_logon';
|手机版|小黑屋|重庆思庄Oracle、Redhat认证学习论坛
( 渝ICP备12004239号-4 )
发表于 2025-9-28 11:07:42
QQ好友和群
QQ空间
腾讯微博
腾讯朋友
收藏
支持
反对