记录了什么内容呢,会不会把我们的密码泄漏呢?
密码文件是一个二进制文件是不能直接查看的,Linux上可以使用strings命令查看
[oracle@rhel6 dbs]$ strings orapworcl
]\[Z
ORACLE Remote Password file
INTERNAL
AB27B53EDC5FEF41
8A8F025737A9097A
mHD2
从输出可以看出密码文件中没有使用明文记录我们的密码而是记录了一些串码。
其实这个密码文件还和数据库中的一个视图v$pwfile_users有一些关系
V$PWFILE_USERS lists all users in the password file, and indicates whether the user has been granted the SYSDBA, SYSOPER, and SYSASM privileges.
USERNAME VARCHAR2(30) Name of the user that is contained in the password file
SYSDBA VARCHAR2(5) Indicates whether the user can connect with SYSDBA privileges (TRUE) or not (FALSE)
SYSOPER VARCHAR2(5) Indicates whether the user can connect with SYSOPER privileges (TRUE) or not (FALSE)
SYSASM VARCHAR2(5) Indicates whether the user can connect with SYSASM privileges (TRUE) or not (FALSE)
sys@ORCL>select * from v$pwfile_users;
USERNAME SYSDBA SYSOPER SYSASM
------------------------------------------------------------------------------------------ --------------- --------------- ---------------
SYS TRUE TRUE FALSE
--给用户zx赋予SYSDBA权限可以看到v$pwfile_users多了一条记录,而密码文件orapworcl也多了一行串码。
sys@ORCL>grant sysdba to zx;
Grant succeeded.
sys@ORCL>select * from v$pwfile_users;
USERNAME SYSDBA SYSOPER SYSASM
------------------------------------------------------------------------------------------ --------------- --------------- ---------------
SYS TRUE TRUE FALSE
ZX TRUE FALSE FALSE
sys@ORCL>!strings /u02/app/oracle/product/11.2.4/db1/dbs/orapworcl
]\[Z
ORACLE Remote Password file
INTERNAL
AB27B53EDC5FEF41
8A8F025737A9097A
mHD2
7B06550956254585
--给用户zx赋予SYSOPER的权限,可以看到v$pwfile_users的zx行状态发生了变化,但是orapworcl没有变化
sys@ORCL>grant sysoper to zx;
Grant succeeded.
sys@ORCL>select * from v$pwfile_users;
USERNAME SYSDBA SYSOPER SYSASM
------------------------------------------------------------------------------------------ --------------- --------------- ---------------
SYS TRUE TRUE FALSE
ZX TRUE TRUE FALSE
sys@ORCL>!strings /u02/app/oracle/product/11.2.4/db1/dbs/orapworcl
]\[Z
ORACLE Remote Password file
INTERNAL
AB27B53EDC5FEF41
8A8F025737A9097A
mHD2
7B06550956254585
--移除密码文件再移回来,移除密码文件后v$pwfile_users变为空,移回后v$pwfile_users又有记录。
sys@ORCL>! mv /u02/app/oracle/product/11.2.4/db1/dbs/orapworcl /u02/app/oracle/product/11.2.4/db1/dbs/orapworcl_orcl
sys@ORCL>select * from v$pwfile_users;
no rows selected
sys@ORCL>! mv /u02/app/oracle/product/11.2.4/db1/dbs/orapworcl_orcl /u02/app/oracle/product/11.2.4/db1/dbs/orapworcl
sys@ORCL>select * from v$pwfile_users;
USERNAME SYSDBA SYSOPER SYSASM
------------------------------------------------------------------------------------------ --------------- --------------- ---------------
SYS TRUE TRUE FALSE
ZX TRUE TRUE FALSE
--测试zx用户远程以SYSDBA登录
C:\Users\victor>sqlplus zx/zx@orcl as sysdba
SQL*Plus: Release 12.1.0.1.0 Production on 星期四 12月 15 22:34:09 2016
Copyright (c) 1982, 2013, Oracle. All rights reserved.
连接到:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.