043 security wallet
three types of wallet in the Oracle database
1)first: simplify_wallet
1@@@@create a wallet directory
[oracle@station60 orcl]$ pwd
/u01/app/oracle/admin/orcl
[oracle@station60 orcl]$ mkdir wallet
2@@@@create the wallet key in sqlplus.
SQL> conn /as sysdba;
Connected.
SQL> alter system set encryption key identified by "oracle456";
System altered.
SQL> alter system set encryption wallet open identified by "oracle456";
alter system set encryption wallet open identified by "oracle456"
*
ERROR at line 1:
ORA-28354: wallet already open
3@@@@the wallet file is produced automatically in the wallet directory
[oracle@station60 wallet]$ ls
ewallet.p12
[oracle@station60 orcl]$ ls
adump bdump cdump dpdump pfile udump wallet
4@@@@create a table with an encrypted column
SQL> conn /as sysdba;
Connected.
SQL> create table t04315_b(a number, b varchar2(20) encrypt);
Table created.
SQL> insert into t04315_b values(1,'success');
1 row created.
SQL> commit;
Commit complete.
5@@@@check the wallet encryption function
SQL> conn /as sysdba;
Connected.
SQL> alter system set encryption wallet close;
System altered.
SQL> conn hr/hr
Connected.
SQL> select * from t04315_b;
select * from t04315_b
*
ERROR at line 1:
ORA-28365: wallet is not open
6@@@@encryption crash situation
@@@if you delete the ewallet.p12 in the wallet directory, the encrypted table
@@@is lost forever; therefore the dba must be careful.
SQL> conn /as sysdba;
Connected.
SQL> alter system set encryption wallet open identified by "oracle456";
alter system set encryption wallet open identified by "oracle456"
*
ERROR at line 1:
ORA-28367: wallet does not exist
SQL> select * from hr.t04315_b;
select * from hr.t04315_b
*
ERROR at line 1:
ORA-28365: wallet is not open
2)second: global wallet
1@@@@create the wallet directory
[oracle@station60 orcl]$ pwd
/u01/app/oracle/wallet/orcl
2@@@@create the wallet file with the graphical user interface (GUI)
[root@station60 ~]# xhost +
access control disabled, clients can connect from any host
[root@station60 ~]# su - oracle
[oracle@station60 ~]$ owm
#####enter the password and select the location to save the wallet. no certificate.
Done.
[oracle@station60 ~]$ cd /u01/app/oracle/wallet/orcl
[oracle@station60 orcl]$ ls
ewallet.p12
3@@@@modify the sqlnet.ora
[oracle@station60 orcl]$ cd $TNS_ADMIN
[oracle@station60 admin]$ cat sqlnet.ora
sqlnet.wallet_override=true
encryption_wallet_location=(source=(method=file)(method_data=(directory=/u01/app/oracle/wallet/orcl)))
#####it is a single row, with no line break ('enter') inside it
SQL> shutdown immediate
SQL> startup
#####startup force is dangerous; use it carefully
4@@@@check the wallet
SQL> conn /as sysdba;
Connected.
SQL> alter system set encryption key identified by "oracle456";
System altered.
SQL> alter system set encryption wallet open identified by "oracle456";
System altered.
SQL> conn hr/hr
Connected.
SQL> create table t04315_a1(a number);
Table created.
SQL> alter table hr.t04315_a1 modify(a encrypt);
Table altered.
SQL> alter table hr.t04315_a1 modify(a decrypt);
Table altered.
SQL> select * from dba_encrypted_columns;
3)third: connectwallet, remote login as the user hr
1@@@@create the directory to save the wallet
[oracle@station3 orcl]$ ls
cwallet.sso ewallet.p12
[oracle@station3 orcl]$ pwd
/u01/app/oracle/connectwallet/orcl
[oracle@station3 u01]$ ll /u01
total 20
drwxr-xr-x 3 oracle oinstall 4096 Sep 10 00:33 app
@@@the directory's owner must be the user oracle.
2@@@@generate the hruser connection
[oracle@station3 orcl]$ cat /u01/app/oracle/product/10.2.0/db_1/network/admin/tnsnames.ora
HRUSER =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.0.3)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = orcl.oracle.com)
    )
  )
[oracle@station3 orcl]$ tnsping hruser
@@@the tnsping must succeed.
3@@@@edit the sqlnet.ora
[oracle@station3 orcl]$ cd $TNS_ADMIN
[oracle@station3 admin]$ pwd
/u01/app/oracle/product/10.2.0/db_1/network/admin
[oracle@station3 admin]$ cat sqlnet.ora
sqlnet.wallet_override=true
wallet_location=(source=(method=file)(method_data=(directory=/u01/app/oracle/connectwallet/orcl/)))
@@@this file controls how the user logs in.
4@@@@create the wallet key and make the secure connection
[oracle@station3 admin]$ mkstore -create -wrl /u01/app/oracle/connectwallet/orcl
Enter password:
Enter password again:
[oracle@station3 admin]$ mkstore -wrl /u01/app/oracle/connectwallet/orcl -createCredential HRUSER hr hr;
Enter password:
Create credential oracle.security.client.connect_string1
[oracle@station3 admin]$ sqlplus /nolog
SQL> conn /@hruser
Connected.
SQL> show user
USER is "HR"
SQL> select salary from employees where employee_id=100;
SALARY
----------
24000
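Added example (not part of the original notes): a bash check for the wallet directories used above. It covers the owner requirement from section 3, the presence of ewallet.p12 whose loss step 6 of section 1 warns about, and file permissions, and it makes a verified backup copy. The function names wallet_audit and wallet_backup are hypothetical helpers, not Oracle tools; GNU stat and find are assumed.

```shell
#!/usr/bin/env bash
# Added example: audit and back up an Oracle wallet directory.
# wallet_audit / wallet_backup are hypothetical names, not Oracle utilities.

# Print one finding per line; the return code is the number of findings.
wallet_audit() {
    local dir=$1 owner=$2 findings=0 f
    if [ ! -d "$dir" ]; then
        echo "MISSING directory $dir"; return 1
    fi
    # The notes require the wallet directory to be owned by the oracle user.
    if [ "$(stat -c %U "$dir")" != "$owner" ]; then
        echo "OWNER $dir is not owned by $owner"; findings=$((findings+1))
    fi
    # Without ewallet.p12 the wallet cannot be opened (ORA-28367).
    if [ ! -s "$dir/ewallet.p12" ]; then
        echo "MISSING $dir/ewallet.p12"; findings=$((findings+1))
    fi
    # cwallet.sso opens without a password, so file permissions are its
    # only protection; ewallet.p12 holds the keys. No group/other access.
    for f in "$dir"/ewallet.p12 "$dir"/cwallet.sso; do
        [ -e "$f" ] || continue
        if [ -n "$(find "$f" -perm /077)" ]; then
            echo "PERMS $f is accessible to group or others"
            findings=$((findings+1))
        fi
    done
    return "$findings"
}

# Copy ewallet.p12 to a private backup directory and verify the copy.
wallet_backup() {
    local dir=$1 dest=$2
    mkdir -p "$dest" && chmod 700 "$dest" || return 1
    cp -p "$dir/ewallet.p12" "$dest/ewallet.p12" || return 1
    cmp -s "$dir/ewallet.p12" "$dest/ewallet.p12"
}
```

Typical use on the hosts above would be wallet_audit /u01/app/oracle/connectwallet/orcl oracle, followed by wallet_backup to a location outside the database host.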
This article is from the "Oracle+Linux=>Majesty" blog; reposting is declined!