关于oracle 安全的小知识dbms_ir , dbms_utility, bypass privileges via view

Oracle数据库安全问题最近几年变的格外关注, 除了数据泄露外还有一些数据库自身的问题,在没有安装最新PSU 或相关CPU时,如果被心存不鬼的人利用将会非常危险. 这里我简单记录三个问题, 测试环境为11.2.0.4 on solaris 11 OS(no patch any PSU or CPU).
1, 使用dbms_ir执行SQL 脚本
2, 只有create session 权限使用dbms_utility 创建表
3, 有select any dictionary的权限修改其它用户的密码

ORA-00600: internal error code, arguments: [504] [row cache objects] on oracle 9i

My db env Oracle 9.2.0.6 on SunOS 5.10, during the problem occurs Database hang, and many sessions wait ‘libaray cache lock’ and after awhile sqlplus connect failed, Before the problem occurs ,We to a statspack, and explain plan for sql, but the sql did not use parallel and db_link, and select on v$sql_plan

ora-01499 & ora-08103 caused by block corrupted or write loss a case

ORA-1499 is produced by statement “ANALIZE TABLE|CLUSTER VALIDATE STRUCTURE CASCADE” to report an inconsistency between a table or a cluster and its index where an index,ORA-8103 is caused by an invalid block type. The block header has an invalid block type or the block type inside the block is not expected

,

Instance Crash in 11.2.0.3 RAC and ORA-600 [kcbo_switch_cq_1]

Errors in file /oracle/app/oracle/diag/rdbms/anbob/anbob1/trace/anbob1_pmon_15074000.trc:
ORA-00600: internal error code, arguments: [kcbo_switch_cq_1], [], [], [], [], [], [], [], [], [], [], []
PMON (ospid: 15074000): terminating the instance due to error 472

,

Tuning ‘latch free’ & ‘null event’ wait event in Oracle 9i

最近遇到一套9I数据库遇到了性能问题, 现象是数据库主机CPU使用率很高应用响应缓慢,Cpu Idel几乎为0, 从v$session_wait查看数据库当前的活动会话在等待’null event’和’latch free’.

Crsd start fail and crsd.log show “Policy Engine is not initialized yet”& evmd.log show “[gipcretConnectionRefused] [29]”

最近一套数据库的2节点半夜突然crash,被1节点驱逐, AGENT 启动DB失败,手动重启CRS启动失败,后来发现日志中的现象与MOS中多篇bug很像但又不是,节点2CRS启动失败,AIX环境,crs日志显示”Policy Engine is not initialized yet”,evmd.log 显示”[gipcretConnectionRefused] [29]”

11.2 impdp ORA-31693 ORA-29913 ORA-27163 when the table has xmltype column

ORA-31693: Failed to load / unload the data object table “ANBOB” “SDTEMPETL” object is ignored because of the error.:
ORA-29913: error in executing the call ODCIEXTTABLEFETCH
ORA-27163: insufficient memory(内存不足)

,

11.2.0.3 CRS start slow and cssd.log show ‘Msg-reply has soap fault 10’ 案例

修改PUBLIC IP应该就可以,但是应用前期连接数据库存在使用public IP的中件间,而且短时间内无法梳理并修改, 如何及解决CRS启动慢的问题又可以避免中间件或为中间件争取时间梳理? 下面是我的一种方案。

Performance Tunning: enq: JI – contention

JI enqueue is used to serialize the refresh of a materialized view, JI enqueue is acquired in exclusive mode on the mview base (container) table when the refresh is being performed, it ensures that two or more refresh processes do not try to refresh the same object.

Troubleshooting: ORA-00600: [kkpo_rcinfo_defstg:delseg], [xxxx] & ora-600 [25027] & ora-600 [ktadrprc-1]

因为某些原因数据字典表不一致,导到该表在查询或导出时都会提示ora-600 [kkpo_rcinfo_defstg:delseg] 错误,因为数据库使用延迟段创建,手动分配segment时提示ORA-600 [25027],对分区做MOVE时会提示ORA-600 [ktadrprc-1], 使用hcheck脚本检查会提示Orphaned TABPART$

,

Oracle 12.2.0.1 SQL HINT

source: v$sql_hint NAME VERSION VERSION_OUTLINE INVERSE […]

Oracle 12C new feature: more detail from scheduler job view

我喜欢在PROCEDURE中增加一些DBMS_OUTPUT输出调试过程,但是只有在控制台运行才可以看到输出, 在11g及之前的版本中使用DBMS_SCHEDLER创建的JOB已经增加了DBA_SCHEDULER_JOB_RUN_DETAILS 视图可以记录一些运行的日志信息如error#,在12C的版本中再增强,同样记录了procedure中使用的DBMS_OUTPUT的输出和ERROR的具体文本…

12C R2 new feature: 128 bytes for identifiers (表名长度可用128字节)

sys@pdborcl:orcl> CREATE table anbob_com_copyright_anbob_com_copyright_anbob_com_copyright_anbob_com_copyright_t(id int, col_name_col_name_col_name_col_name_col_name_col_name_col_name_col_name_col_name_largecolumn varchar2(5000));
Table created.
从12c r2 Release起表名和列名的长度限制为128 bytes.

Lots of Long transaction caused by database link, and undo hdr show DBA for that slot is 0x00000000

部署GOLDENGATE时发现,当前库中存在较多的长事务,在v$transaction中显示状态一直是ACTIVE, 对于长事务的对OGG的BR或启动抽取位置有较大影响, 奇怪的是这些长事务的起动时间甚至都有3天以上,而且当前会话状态已是INACITVE.而且查看UNDO SEGMENT HEADER上对应的SLOT 的DBA是0x00000000。

DBVerify report Corrupt block “Completely zero block found during dbv” when use RAW Device, but rman not.

因为raw device头上记录的是552959 个块数,但数据文件实际为540640个块数, 所以在oracle 未使用的block都未格式化,但是DBV如果不指定end 截至位置都会扫描, 所以DBV会提示那些都是勘误块, 使用RMAN未发现。

DBV not always correct, as in an extreme case the use of raw device

RAW DEVICE可以在增加数据文件时不指定文件大小,可用空间这样通常是RAW Device的实际大小, 但是文件头上不会写入可用块数,表空间块大小会写入, 这种情况下DBV工具无法从文件头正确的获取blocks数,所以产生错误的扫描块数结果。在不指定大小的情况下,如果RAW Device曾经文件头上有记录之前的blocks,RAW device在新加入数据库时也不会擦写该位置,这样后期在使用DBV时的结果就不正确。

Scripts: format Library Cache Lock/pin wait event p3 value

SQL> exec lbc_p3(1571747577004035);
———————————————
……………………..Library cache P3 value: 1571747577004035
………………….Library cache P3 value HEX: 5957f00010003
…………………………………Object id: 365951
…………………………………Namespace: 1
……………………………….RequestMode: exclusive mode

OGG 12.2 extract not moving when redo log files are placed on RAW device AIX (解决办法)

近期在配置OGG环境中遇到了个问题,相同ogg和oracle rdbms版本,HPUX和Linux 平台运行正常, 只是AIX 平台的ogg extract进程没有进度, 启动时initial就要好久,同时也未报错, redo文件使用的是RAW device(裸设备), OGG release 12.2 , Oracle RDBMS release 11.2.0.3. 在OGG 12以前我们都知道存在一个参数RawDeviceOffset,但是12版本中该参数不存在了

GOLDENGATE 12.2 Undocumented parameters(隐藏参数)

goldengate 像数据库一样存在大量的隐藏参数,12.2 版本隐藏参数数量超过了200个, 但是这些参数并不是像ORACLE DATABASE一样公开了参数的描述作用,而且研究的人也不多,GOOGLE和MOS上很多参数都查不出相关信息…

EM agent 12.1 割接主机后重部署 agent is blocked, and “out-of-sync with repository”

ORACLE DB 有时出于硬件维护等情况需要更换主机操作,但IP,DB实例等都未改变, 这时在割接后的机器需要重新部署EM_AGENT , 我通常是离线安装, 离线安装EM ANGENT 12参考我之前的笔记Acquiring Management Agent Software for HPUX&AIX in the Offline Mode(离线安装EM agent),OMS 端原target 不需要删除在重新填加, 但是重部署后的EM_agent 通过emctl status agent 状态会是blocked,这时重新同步一下即可。