2.9 用户的锁定

在Oracle 11g的创建脚本中,存在如下一个名为 lockAccount.sql的脚本,该脚本在完成数据库创建之后,将部分用户账号锁定。一个简单的FOR循环完成了这个安全加固的工作:

SET VERIFY OFF

set echo on

spool D:\oracle\admin\eyglee\scripts\lockAccount.log append

BEGIN

FOR item IN ( SELECT USERNAME FROM DBA_USERS WHERE ACCOUNT_STATUS IN ('OPEN', 'LOCKED', 'EXPIRED') AND USERNAME NOT IN ( 'SYS','SYSTEM') )

LOOP

dbms_output.put_line('Locking and Expiring: ' || item.USERNAME);

execute immediate 'alter user ' ||

sys.dbms_assert.enquote_name(

sys.dbms_assert.schema_name(

item.USERNAME),false) || ' password expire account lock' ;

END LOOP;

END;

/

spool off