According to the Oracle documentation here (see heading Setting the PASSWORD_LIFE_TIME Profile Parameter to a Low Value) the account status is changed from OPEN
to EXPIRED(GRACE)
if the user is currently logged in when you change PASSWORD_LIFE_TIME
to a low value. I guess you were logged in as system when you changed the PASSWORD_LIFE_TIME
. Try logging in as CUSUSER and then changing it.
The following method will set a user's account status to EXPIRED(GRACE):
create profile EXPTESTPROF limit
failed_login_attempts 1
password_life_time 1/24/60/60
password_reuse_time unlimited
password_reuse_max 1
password_verify_function null
password_lock_time 1
password_grace_time 1;
create user EXPTEST identified by EXPTEST;
alter user EXPTEST profile EXPTESTPROF;
grant "CONNECT" to EXPTEST;
Then login as EXPTEST. You'll get the message that the password will expire within 1 day. If you check the ACCOUNT_STATUS now it should say EXPIRED(GRACE):
select ACCOUNT_STATUS
from DBA_USERS
where USERNAME = 'EXPTEST'
You may have been unaware of this, but everything and its grandmother done in MySQL is a question.
In light of this, the real question is : To mysqld, what is a Question ?
According to the MySQL Documentation on Questions:
The number of statements executed by the server. This includes only statements sent to the server by clients and not statements executed within stored programs, unlike the Queries variable. This variable does not count COM_PING, COM_STATISTICS, COM_STMT_PREPARE, COM_STMT_CLOSE, or COM_STMT_RESET commands.
Anything you issue for the sake of running queries or just checking a status of some kind is a Question. Even checking how many questions in your session is itself a Question. Here is proof: (I will connect to MySQL 5.6.14 for Windows and ask for Questions in my session):
Microsoft Windows [Version 6.2.9200]
(c) 2012 Microsoft Corporation. All rights reserved.
C:\Windows\system32>mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.6.14 MySQL Community Server (GPL)
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show status like 'Questions';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| Questions | 3 |
+---------------+-------+
1 row in set (0.11 sec)
mysql> show status like 'Questions';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| Questions | 4 |
+---------------+-------+
1 row in set (0.00 sec)
mysql> show status like 'Questions';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| Questions | 5 |
+---------------+-------+
1 row in set (0.00 sec)
mysql>
This is normal to expect, so there is really nothing to worry about.
YOUR ORIGINAL QUESTIONS
Is someone hacking my database?
No, you are not being hacked.
Is PHPMyAdmin reporting inaccurate information?
PHPMyAdmin asks mysqld Questions all day long. The result is that it just runs up the global count (As seen from SHOW GLOBAL STATUS;
). I wrote an answer to a post in ServerFault about 2.5 years ago entitled 1 billion mysql queries in 24 days? Can something be wrong?. I attributed the runaway stats to monitoring then, and I still strongly assert this now.
Best Answer
The password has been marked as 'EXPIRED' or marked with an 'EXPIRY_DATE' in dba_users. You will have to change it. You can set it back to the same password. The easy way would be setting the password "by values". This usually bypasses history checking.
The format of this is "alter user USER identified by values 'hash from dba_users.password';"