34.A user, who is authenticated externally, logs in to a remote machine and connects to the database
Source: Internet. Editor: 程序博客网. Time: 2024/05/01 08:13
34.A user, who is authenticated externally, logs in to a remote machine and connects to the database
instance. What action would you take to ensure that a user cannot connect to the database instance by
merely logging in to a remote machine?
A. Set REMOTE_OS_ROLES to FALSE.
B. Set the OS_ROLES parameter to FALSE.
C. Set the REMOTE_OS_AUTHENT parameter to FALSE.
D. Set the REMOTE_LOGIN_PASSWORD_FILE parameter to NONE.
Answer: C
Explanation:
REMOTE_OS_AUTHENT value and consequences:
1. TRUE for the remote database: An externally-authenticated user can connect to the remote database using a connected user database link.
2. FALSE for the remote database: An externally-authenticated user cannot connect to the remote database using a connected user database link unless a secure protocol or a network authentication service supported by the Oracle Advanced Security option is used.
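I. REMOTE_OS_AUTHENT
First, what "authenticated externally" means: this is external authentication, that is, operating system authentication. Once the operating system has authenticated the user, the database does not authenticate the user again.
A prefix applies here, set by the os_authent_prefix parameter, which defaults to OPS$. If the operating system account is oracle, the corresponding database account is ops$oracle.
Let's test this.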
SQL> show parameter os_authent
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
os_authent_prefix string ops$
remote_os_authent boolean TRUE
-- Create the user
SQL> create user ops$oracle identified by oracle;
User created.
-- Grant privileges
SQL> grant connect,resource to ops$oracle;
Grant succeeded.
-- Test whether the user can log in
SQL> conn ops$oracle/oracle
Connected.
-- Show the current operating system user
[oracle@wahaha3 ~]$ echo $USER
oracle
-- Log in successfully
[oracle@wahaha3 ~]$ sqlplus /@test
SQL*Plus: Release 11.2.0.3.0 Production on Sat Jul 16 06:25:13 2016
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL>
-- Show the logged-in account
SQL> show user
USER is "OPS$ORACLE"
-- Verify connecting from another machine
[oracle@wahaha7 admin]$ sqlplus /@test3
SQL>
-- Change remote_os_authent to false
SQL> conn / as sysdba
Connected.
SQL> alter system set remote_os_authent=false scope=spfile;
System altered.
-- Restart
SQL> startup force;
-- Verify login
[oracle@wahaha3 ~]$ sqlplus /@test
SQL*Plus: Release 11.2.0.3.0 Production on Sat Jul 16 06:28:32 2016
Copyright (c) 1982, 2011, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
Enter user-name:
II. REMOTE_OS_ROLES
REMOTE_OS_ROLES specifies whether operating system roles are allowed for remote clients. The default value, false, causes Oracle to identify and manage roles for remote clients.
III. OS_ROLES
OS_ROLES determines whether Oracle or the operating system identifies and manages the roles of each username.
IV. REMOTE_LOGIN_PASSWORD_FILE
The parameter name here should be remote_login_passwordfile.
SQL> show parameter remote_login_passwordfile
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
remote_login_passwordfile string EXCLUSIVE
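-- If this value is NONE, administrators cannot log in remotely; only ordinary users can log in
-- If it is SHARED, administrators can log in but passwords cannot be changed (including those of other users)
-- Change the configuration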
SQL> alter system set remote_login_passwordfile=NONE scope=spfile;
System altered.
-- Restart
SQL> startup force;
-- Ordinary user login
[oracle@wahaha3 ~]$ sqlplus scott/tiger@wahaha3
SQL>
-- Administrator login
[oracle@wahaha3 ~]$ sqlplus sys/oracle@wahaha3 as sysdba
ORA-01017: invalid username/password; logon denied
Enter user-name:
-- Change to shared
SQL> alter system set remote_login_passwordfile=shared scope=spfile;
-- Restart
SQL> startup force;
-- Log in
[oracle@wahaha3 ~]$ sqlplus sys/oracle@wahaha3 as sysdba
SQL>
-- Change the password
SQL> alter user sys identified by sys;
alter user sys identified by sys
*
ERROR at line 1:
ORA-28046: Password change for SYS disallowed
-- Change an ordinary user's password
SQL> alter user scott identified by tiger;
alter user scott identified by tiger
*
ERROR at line 1:
ORA-01999: password file cannot be updated in SHARED mode
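An added audit query, not part of the original post, for the parameters discussed above: it reports their current values and lists the accounts that OS authentication could map to, including password-identified accounts such as ops$oracle that merely carry the os_authent_prefix. It assumes Oracle 11g and a session that can select from V$PARAMETER and DBA_USERS; the finding labels are the example's own wording.

```sql
-- Added example (not from the original post).
-- Run as a privileged user, e.g. after "conn / as sysdba".

-- 1. Current values of the parameters covered by the question.
SELECT name,
       value,
       CASE
         WHEN name = 'remote_os_authent' AND UPPER(value) = 'TRUE'
           THEN 'RISK: OS identity asserted by a remote client is trusted'
         WHEN name = 'remote_os_roles' AND UPPER(value) = 'TRUE'
           THEN 'RISK: OS roles are accepted from remote clients'
         ELSE 'review'
       END AS finding
FROM   v$parameter
WHERE  name IN ('remote_os_authent',
                'remote_os_roles',
                'os_roles',
                'os_authent_prefix',
                'remote_login_passwordfile')
ORDER  BY name;

-- 2. Accounts reachable through OS authentication.
--    The demo account above was created with a password yet still
--    logged in with "sqlplus /@test", so match on the prefix as well
--    as on AUTHENTICATION_TYPE = 'EXTERNAL'.
--    SUBSTR is used instead of LIKE so that '_' or '%' in a custom
--    prefix is not treated as a wildcard. An empty prefix is NULL in
--    Oracle and is skipped by the IS NOT NULL guard.
SELECT u.username,
       u.account_status,
       u.authentication_type
FROM   dba_users u
CROSS  JOIN (SELECT UPPER(value) AS prefix
             FROM   v$parameter
             WHERE  name = 'os_authent_prefix') p
WHERE  u.authentication_type = 'EXTERNAL'
   OR  (p.prefix IS NOT NULL
        AND SUBSTR(u.username, 1, LENGTH(p.prefix)) = p.prefix)
ORDER  BY u.username;
```

If the first query shows remote_os_authent = TRUE, every open account returned by the second query can be reached from any host whose OS user name matches, which is the exposure that answer C closes.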