数据库中批量错误用户名与密码导致业务用户HANG住怎么办

79次阅读
没有评论

共计 3622 个字符,预计需要花费 10 分钟才能阅读完成。

丸趣 TV 小编给大家分享一下数据库中批量错误用户名与密码导致业务用户 HANG 住怎么办,相信大部分人都还不怎么了解,因此分享这篇文章给大家参考一下,希望大家阅读完这篇文章后大有收获,下面让我们一起去了解一下吧!

数据库版本
SQL select * from v$version;

BANNER
——————————————————————————–
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 – 64bit Production
PL/SQL Release 11.2.0.3.0 – Production
CORE  11.2.0.3.0  Production
TNS for HPUX: Version 11.2.0.3.0 – Production
NLSRTL Version 11.2.0.3.0 – Production

问题如下
SQL conn doudou/oracle(HANG 住了)

查看等待事件
select
count(*),
CASE WHEN state != WAITING THEN WORKING
ELSE WAITING
END AS state,
CASE WHEN state != WAITING THEN On CPU / runqueue
ELSE event
END AS sw_event
FROM
v$session_wait
GROUP BY
CASE WHEN state != WAITING THEN WORKING
ELSE WAITING
END,
CASE WHEN state != WAITING THEN On CPU / runqueue
ELSE event
END
ORDER BY
1 DESC, 2 DESC
/

library cache lock WAITING 585
rdbms ipc message WAITING 16
Space Manager: slave idle wait WAITING 3
jobq slave wait WAITING 2
Streams AQ: waiting for time management or cleanup tasks WAITING 1
VKRM Idle WAITING 1
smon timer WAITING 1
Streams AQ: qmn coordinator idle wait WAITING 1
pmon timer WAITING 1
Streams AQ: qmn slave idle wait WAITING 1
DIAG idle wait WAITED KNOWN TIME 1
DIAG idle wait WAITING 1
library cache lock WAITED KNOWN TIME 1
VKTM Logical Idle Wait WAITING 1
asynch descriptor resize WAITED SHORT TIME 1
SQL*Net message from client WAITING 1

结合等待事件去分析
1.library cache lock 等待严重,另一方面考虑只有单独的这个业务用户 doudou 不能登录,其他业务类型的用户 doudou01 不受任何影响。再次怀疑可能是 11g 密码延迟机制导致的这个问题。

2. 然后查看了一下用户修改密码的时间
select * from sys.user$ where name= DOUDOU
PTIME=2013/11/6 11:22:09  –PTIME is the date the password was last changed
CTIME=2013/11/6 11:22:09 –CTIME is the date the user was created
从这里可以看出我们 DOUDOU 用户,没有修改过密码,但是为什么会出现大量的 library cache lock,没有修改密码,但是新业务配置的用户密码会不会有错误呢,这样询问了开发人员,原来他们的配置有错误,用户密码配置错误了。也就是错误的用户和密码批量请求导致了大量的 library cache lock。

搜索 MOS 找到了类似的案例
Library Cache Locks Due to Invalid Login Attempts (Doc ID 1309738.1)

Cause
Numerous failed logins attempts can cause row cache lock waits and/or library cache lock waits.
Set the below event in the spfile or init.ora file and restart the database:

alter system set event = 28401 TRACE NAME CONTEXT FOREVER, LEVEL 1 scope=spfile;

or

EVENT= 28401 TRACE NAME CONTEXT FOREVER, LEVEL 1

3. 问题解决,正确的用户密码配置之后,并设置参数 EVENT= 28401 TRACE NAME CONTEXT FOREVER, LEVEL 1,大量的 library cache lock 逐渐减少,最后消除。新业务也正常使用了

附表

user$ 视图解释
Test cases below show:

?CTIME is the date the user was created.
?LTIME is the date the user was last locked. (Note that it doesn t get NULLed when you unlock the user).
?PTIME is the date the password was last changed.
?LCOUNT is the number of failed logins.

记录用户登录失败触发器:
CREATE OR REPLACE TRIGGER logon_denied_to_alert
  AFTER servererror ON DATABASE
DECLARE
  message  VARCHAR2(168);
  ip  VARCHAR2(15);
  v_os_user VARCHAR2(80);
  v_module  VARCHAR2(50);
  v_action  VARCHAR2(50);
  v_pid  VARCHAR2(10);
  v_sid  NUMBER;
  v_program VARCHAR2(48);
BEGIN
  IF (ora_is_servererror(1017)) THEN
 
  — get ip FOR remote connections :
  IF upper(sys_context( userenv , network_protocol)) = TCP THEN
  ip := sys_context(userenv , ip_address
  END IF;
 
  SELECT sid INTO v_sid FROM sys.v_$mystat WHERE rownum
  SELECT p.spid, v.program
  INTO v_pid, v_program
  FROM v$process p, v$session v
  WHERE p.addr = v.paddr
  AND v.sid = v_sid;
 
  v_os_user := sys_context(userenv , os_user
  dbms_application_info.read_module(v_module, v_action);
 
  message := to_char(SYSDATE, YYYYMMDD HH24MISS) ||
  logon denied from || nvl(ip, localhost) || ||
  v_pid || || v_os_user || with || v_program || – ||
  v_module || || v_action;
 
  sys.dbms_system.ksdwrt(2, message);
 
  END IF;
END;
/

特别鸣谢:Travel http://www.traveldba.com/

附表:

查询错误密码的登录者
select username,
os_username,
userhost,
client_id,
trunc(timestamp),
returncode,
count(*) failed_logins
from dba_audit_trail
where returncode=1017 and –1017 is invalid username/password
timestamp sysdate
group by username,os_username,userhost, client_id,trunc(timestamp),returncode
order by trunc(timestamp) desc ;

以上是“数据库中批量错误用户名与密码导致业务用户 HANG 住怎么办”这篇文章的所有内容,感谢各位的阅读!相信大家都有了一定的了解,希望分享的内容对大家有所帮助,如果还想学习更多知识,欢迎关注丸趣 TV 行业资讯频道!

正文完
 
丸趣
版权声明:本站原创文章,由 丸趣 2023-07-20发表,共计3622字。
转载说明:除特殊说明外本站除技术相关以外文章皆由网络搜集发布,转载请注明出处。
评论(没有评论)