Database Reference
In-Depth Information
Let's have a close look at this new parameter. First, here is the version banner from my test instance:
SQL> select banner from v$version;
BANNER
--------------------------------------------------------------------------------
Oracle Database 12c Enterprise Edition Release 12.1.0.1.0 - 64bit Production
PL/SQL Release 12.1.0.1.0 - Production
CORE 12.1.0.1.0 Production
TNS for Linux: Version 12.1.0.1.0 - Production
NLSRTL Version 12.1.0.1.0 - Production
And next is a query that retrieves information about the parameter itself:
SQL> select a.ksppinm name, b.ksppstvl value,b.ksppstdf deflt,
decode (a.ksppity, 1,
'boolean', 2,
'string', 3,
'number', 4,
'file', a.ksppity) type, a.ksppdesc description
from
sys.x$ksppi a,
sys.x$ksppcv b
where a.indx = b.indx
and
a.ksppinm ='_sys_logon_delay'; 2 3 4 5 6 7 8 9 10 11 12
NAME
--------------------------------------------------------------------------------
VALUE
--------------------------------------------------------------------------------
DEFLT TYPE
--------- ----------------------------------------
DESCRIPTION
--------------------------------------------------------------------------------
_sys_logon_delay
1
TRUE number
failed logon delay for sys
This simple improvement reduces the single greatest risk to external attack for Oracle DB and makes 12c more
secure than 11g.
If we wanted to, we could change the parameter back to 0 to effectively disable it, or to FALSE to truly disable
it. For any change to be effective, you will need to restart your instance. That's because the parameter is a static
parameter. Following is an
alter system
command to set the delay to zero, which will remove the delay. This will
therefore enable brute-force attacks remotely on SYS, so it is not recommended.
alter system set "_sys_logon_delay"=0 scope=spfile;
