oracle10g_security wallet
043 security wallet
Three types of wallets in the Oracle database
#######################################
first: simplify_wallet
#######################################
1)create a wallet directory
[oracle@station60 orcl]$ pwd
/u01/app/oracle/admin/orcl
[oracle@station60 orcl]$ mkdir wallet
2)create the wallet key in sqlplus
SQL> conn /as sysdba;
Connected.
SQL> alter system set encryption key identified by "oracle456";
System altered.
SQL> alter system set encryption wallet open identified by "oracle456";
alter system set encryption wallet open identified by "oracle456"
*
ERROR at line 1:
ORA-28354: wallet already open
3)the wallet file is produced automatically in the wallet directory
[oracle@station60 wallet]$ ls
ewallet.p12
[oracle@station60 orcl]$ ls
adump bdump cdump dpdump pfile udump wallet
4)create an encrypted table
SQL> conn /as sysdba;
Connected.
SQL> create table t04315_b(a number, b varchar2(20) encrypt);
Table created.
SQL> insert into t04315_b values(1,'success');
1 row created.
SQL> commit;
Commit complete.
5)check the wallet encryption function
SQL> conn /as sysdba;
Connected.
SQL> alter system set encryption wallet close;
System altered.
SQL> conn hr/hr
Connected.
SQL> select * from t04315_b;
select * from t04315_b
*
ERROR at line 1:
ORA-28365: wallet is not open
6)encryption crash situation
If you delete ewallet.p12 from the wallet directory, the encrypted table is
lost forever. Therefore, the DBA must be careful.
SQL> conn /as sysdba;
Connected.
SQL> alter system set encryption wallet open identified by "oracle456";
alter system set encryption wallet open identified by "oracle456"
*
ERROR at line 1:
ORA-28367: wallet does not exist
SQL> select * from hr.t04315_b;
select * from hr.t04315_b
*
ERROR at line 1:
ORA-28365: wallet is not open
########################################
second: global wallet
########################################
1)create the wallet directory
[oracle@station60 orcl]$ pwd
/u01/app/oracle/wallet/orcl
2)create wallet file by Graphical User Interface(GUI)
[root@station60 ~]# xhost +
access control disabled, clients can connect from any host
[root@station60 ~]# su - oracle
[oracle@station60 ~]$ owm
##### Enter the password and select the location to save the wallet. No certificate.
Done.
[oracle@station60 ~]$ cd /u01/app/oracle/wallet/orcl
[oracle@station60 orcl]$ ls
ewallet.p12
3)modify the sqlnet.ora
[oracle@station60 orcl]$ cd $TNS_ADMIN
[oracle@station60 admin]$ cat sqlnet.ora
sqlnet.wallet_override=true
encryption_wallet_location=(source=(method=file)(method_data=(directory=/u01/app/oracle/wallet/orcl)))
##### The entry is a single line, with no line breaks
SQL> shutdown immediate
SQL> startup
##### startup force is dangerous; use it carefully
4)check the wallet
SQL> conn /as sysdba;
Connected.
SQL> alter system set encryption key identified by "oracle456";
System altered.
SQL> alter system set encryption wallet open identified by "oracle456";
System altered.
SQL> conn hr/hr
Connected.
SQL> create table t04315_a1(a number);
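Added example (not part of the original notes): a bash check that reads encryption_wallet_location from sqlnet.ora as configured in step 3 above and confirms that ewallet.p12 exists, is accessible only to its owner, and matches a backup copy, because the crash situation in the first section shows that the encrypted data depends on that one file. The function names, the exit codes and the backup directory argument are assumptions of this example.

```bash
#!/bin/bash
# Added example: sanity-check the TDE wallet that sqlnet.ora points to.

# Print the DIRECTORY value of ENCRYPTION_WALLET_LOCATION.
# Comment lines and all whitespace are dropped first, so an entry wrapped over
# several lines still parses (assumption: the path contains no spaces).
wallet_dir_from_sqlnet() {
    grep -v '^[[:space:]]*#' "$1" | tr -d ' \t\r\n' | awk '{
        low = tolower($0)                 # parameter names are case-insensitive
        i = index(low, "encryption_wallet_location=")
        if (!i) exit
        rest = substr($0, i); low = substr(low, i)
        j = index(low, "directory=")
        if (!j) exit
        rest = substr(rest, j + 10)       # text after "directory="
        sub(/\).*/, "", rest)             # cut at the closing parenthesis
        print rest
    }'
}

# check_wallet SQLNET_ORA [BACKUP_DIR]
# Exit codes (chosen for this example): 0 ok, 1 no wallet location configured,
# 2 ewallet.p12 missing, 3 group/other can access it, 4 backup missing or stale.
check_wallet() {
    dir=$(wallet_dir_from_sqlnet "$1")
    [ -n "$dir" ] || { echo "no ENCRYPTION_WALLET_LOCATION in $1"; return 1; }
    f="$dir/ewallet.p12"
    [ -f "$f" ] || { echo "MISSING $f: wallet open will fail with ORA-28367"; return 2; }
    for p in "$dir" "$f"; do
        # characters 5-10 of the ls mode string are the group and other bits
        [ "$(ls -ld "$p" | cut -c5-10)" = "------" ] ||
            { echo "LOOSE PERMISSIONS on $p"; return 3; }
    done
    if [ -n "${2:-}" ]; then
        cmp -s "$f" "$2/ewallet.p12" ||
            { echo "NO CURRENT BACKUP of $f in $2"; return 4; }
    fi
    echo "OK $f"
}

# Usage: ./check_wallet.sh $TNS_ADMIN/sqlnet.ora /path/to/wallet_backup
if [ "$#" -gt 0 ]; then check_wallet "$@"; fi
```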