联系:手机/微信(+86 17813235971) QQ(107644445)
标题:sys用户密码含$ sqlplus登录数据库诡异事件分析
作者:惜分飞©版权所有[未经本人同意,不得以任何形式转载,否则有进一步追究法律责任的权利.]
[oracle@ECP-UC-DB1 ~]$ sqlplus / as sysdba SQL*Plus: Release 10.2.0.4.0 - Production on Mon Oct 17 23:37:51 2011 Copyright (c) 1982, 2007, Oracle. All Rights Reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production With the Partitioning, OLAP, Data Mining and Real Application Testing options SQL> alter user sys identified by "ab$"; User altered. SQL> exit Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production With the Partitioning, OLAP, Data Mining and Real Application Testing options [oracle@ECP-UC-DB1 ~]$ sqlplus sys/ab$ as sysdba SQL*Plus: Release 10.2.0.4.0 - Production on Mon Oct 17 23:38:53 2011 Copyright (c) 1982, 2007, Oracle. All Rights Reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production With the Partitioning, OLAP, Data Mining and Real Application Testing options SQL> show parameter name; NAME TYPE VALUE ------------------------------------ ----------- ------------------------------ db_file_name_convert string db_name string test db_unique_name string test global_names boolean FALSE instance_name string test lock_name_space string log_file_name_convert string service_names string test SQL> exit Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production With the Partitioning, OLAP, Data Mining and Real Application Testing options [oracle@ECP-UC-DB1 ~]$ sqlplus sys/ab$abc as sysdba SQL*Plus: Release 10.2.0.4.0 - Production on Mon Oct 17 23:39:05 2011 Copyright (c) 1982, 2007, Oracle. All Rights Reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production With the Partitioning, OLAP, Data Mining and Real Application Testing options SQL> exit Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production With the Partitioning, OLAP, Data Mining and Real Application Testing options [oracle@ECP-UC-DB1 ~]$ sqlplus sys/ab$@abc as sysdba SQL*Plus: Release 10.2.0.4.0 - Production on Mon Oct 17 23:40:06 2011 Copyright (c) 1982, 2007, Oracle. All Rights Reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production With the Partitioning, OLAP, Data Mining and Real Application Testing options SQL> show parameter name; NAME TYPE VALUE ------------------------------------ ----------- ------------------------------ db_file_name_convert string db_name string test db_unique_name string test global_names boolean FALSE instance_name string test lock_name_space string log_file_name_convert string service_names string test SQL> exit Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production With the Partitioning, OLAP, Data Mining and Real Application Testing options [oracle@ECP-UC-DB1 ~]$ sqlplus sys/ab$@abc11 as sysdba SQL*Plus: Release 10.2.0.4.0 - Production on Mon Oct 17 23:44:11 2011 Copyright (c) 1982, 2007, Oracle. All Rights Reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production With the Partitioning, OLAP, Data Mining and Real Application Testing options SQL> show parameter name; NAME TYPE VALUE ------------------------------------ ----------- ------------------------------ db_file_name_convert string db_name string test db_unique_name string test global_names boolean FALSE instance_name string test lock_name_space string log_file_name_convert string service_names string test SQL>
通过以上sql发现,把sys的密码改为ab$后,无论是什么tns都可以登录数据库,而且都是本地数据库,是不是感觉很诡异,其实你仔细观察发现,密码中有了$,使得$@的操作都变成了无效的,其实就是sqlplus sys/123(随意) as sysdba方式登录本地数据库
[oracle@ECP-UC-DB1 ~]$ sqlplus sys/123 as sysdba SQL*Plus: Release 10.2.0.4.0 - Production on Mon Oct 17 23:48:23 2011 Copyright (c) 1982, 2007, Oracle. All Rights Reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production With the Partitioning, OLAP, Data Mining and Real Application Testing options SQL>
这个太容易解释了,文件,$符号代表什么吧
在linux/unix中$一般是表示变量的时候使用,如果没有定义这个变量就是为空,所以导致密码不对