Secure Role

▣ Secure Role 생성 및 사용

S SYS> create role dba2;

Role created.

S SYS> grant dba to dba2;

Grant succeeded.

S SYS> alter role dba2 identified by "x1818";

Role altered.

S SYS> grant dba2 to scott;

Grant succeeded.

S SCOTT> select role from ROLE_ROLE_PRIVS;

ROLE

------------------------------

DBA

DBA2    =>   SCOTT 인데 패스워드 없어도 DBA2 권한 사용이 가능하기 때문에 문제점

   

S SYS> alter user scott default role

  2  all except dba2;

User altered.

S SCOTT> create table hr.xxx(x date);

create table hr.xxx(x date)

*

ERROR at line 1:

ORA-01031: insufficient privileges

   

S SCOTT> set role dba2 identified by "x1818";  =>  패스워드 사용한 후 아래와 같이 사용가능

Role set.

S SCOTT> create table hr.xxx(x date);

Table created.

S SYS> select username,password from dba_users;

USERNAME                       PASSWORD        => 패스워드가 hash 됨

------------------------------ ------------------------------

   

SCOTT                          F894844C34402B67    =>   tiger가 F894844C34402B67로 Hash

   

   

 S SYS> select ora_hash('TIGER') from dual;

ORA_HASH('TIGER')

-----------------

       4203896837   =>    Tiger를 Hash할 수 있지만 4203896837를 Tiger로 Hash하지 못함

S SYS> /

ORA_HASH('TIGER')

-----------------

       4203896837