Oracle Data Pump与加密

高级安全指南里说的比较少,所以看了以下2个白皮书:

  • Oracle Data Pump Encrypted Columns Support 10g
  • Oracle Data Pump Encrypted Dump File Support 11g
  • Protect your data with Encrypted Data Pump Jobs

TDE只保证数据库内数据的加密,出库即解密。

所以出库后的加密,需要依赖于RMAN或Data Pump。此时才会有password,wallet和dual mode的概念。

两个有用的例子。

外部表dump文件,加密整个文件:

CREATE TABLE XDEPT (
deptno,
dname,
loc)
ORGANIZATION EXTERNAL
(
TYPE ORACLE_DATAPUMP
DEFAULT DIRECTORY DATA_PUMP_DIR
ACCESS PARAMETERS (ENCRYPTION ENABLED)
LOCATION ('xdept.dmp')
)
REJECT LIMIT UNLIMITED
AS SELECT * FROM DEPT;

ERROR at line 1:
ORA-29913: error in executing ODCIEXTTABLEPOPULATE callout
ORA-39188: unable to encrypt dump file set
ORA-28365: wallet is not open

外部表dump文件,加密某列:

CREATE TABLE XEMP (
empid,
empname,
salary ENCRYPT IDENTIFIED BY "column_pwd")
ORGANIZATION EXTERNAL
(
TYPE ORACLE_DATAPUMP
LOCATION ('xemp.dmp')
)
REJECT LIMIT UNLIMITED
AS SELECT empno, ename, sal FROM EMP;

ERROR at line 11:
ORA-28365: wallet is not open

你可能感兴趣的:(Oracle数据库管理,Oracle数据库安全,oracle,database,security,datapump,encryption)