Where does TimesTen store the password used to access Oracle (ttCacheUidPwdSet or OraclePWD)?

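When you create a cache group in TimesTen, you must use ttCacheUidPwdSet to store the user name and password of the cache admin user in the Oracle database. At the same time, some operations, such as passthrough or ttLoadFromOracle, also require OraclePWD to be specified in the connect string. If it is not specified, an error like the following occurs: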

Command> refresh cache group readcache commit every 256 rows;
15022: OraclePwd connection attribute needs to be specified and has to be non-empty for using TimesTen Cache features
5109: Cache Connect general error: BDB connection not open.
The command failed.

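So when does TimesTen use the password stored by ttCacheUidPwdSet, and when does OraclePWD have to be specified at connect time? I posted a thread on the TimesTen forum and received the following reply from Chris Jenkins: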

TimesTen cache uses different kinds of Oracle user. There is the ‘cache admin’ user that is used by the cache agent to connect to Oracle and perform certain operations, and then there are regular ‘cache users’ used by ttIsql and application sessions to perform other kinds of operations. Similarly there are two different sorts of TT <-> Oracle connections used by TimesTen cache; connections to Oracle from the cache agent and ‘shadow’ connections that parallel an application’s connections to TimesTen.

When you use ttCacheUidPwdSet you are storing the cache admin user’s Oracle credentials in the database so that the cache agent can use them to connect to Oracle. Operations that get handed off to the cache agent do not require session level Oracle credentials to be set (via UID/OraclePWD) but those operations that are executed by the TimesTen library over the application connection’s ‘shadow’ connection to Oracle will authenticate against Oracle using the application’s credentials and not the cache admin credentials. Hence those operations require to know the username and password for the application user in order to authenticate to Oracle. If the application never performs any operations that must directly authenticate to Oracle then it does not need to provide an OraclePWD in its connection string. Of course it is not at all easy to know for sure which operations go via the cache agent and which are executed directly over the application’s shadow connection :-(

I think that the safest thing to say is that in general applications that use TimesTen cache should provide OraclePWD unless extensive testing has been performed to ensure that they do not perform any operations that require a shadow connection to Oracle. And of course even then things may change from release to release.

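The explanation is a bit long, so let me summarize it.
TimesTen has two kinds of connections to Oracle. One is used in the background by the cache agent to perform operations such as autorefresh; since these are automatic, the agent cannot ask someone for the password every time, so the password has to be stored in advance with ttCacheUidPwdSet. The other is the foreground application's access to Oracle; for security reasons it would not be appropriate to skip the password there, so it has to be supplied at connect time with OraclePWD.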

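For example, I found earlier that when a schema user/app user accesses a CG (cache group), for an AWT CG or a READONLY CG that is dynamic, the oraclepwd attribute must be specified before dynamic load can be used.
If the cache group is not dynamic, the oraclepwd attribute is not needed, and the password stored by ttCacheUidPwdSet is used automatically. In addition, when the cache manager user runs operations such as refresh and load, oraclepwd must also be specified.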

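The reply above makes this easier to understand.
Non-dynamic AWT and read-only cache groups have autorefresh running in the background, and these automated operations naturally do not need OraclePWD. Manually initiated operations such as refresh and load, and dynamic cache groups (loaded on demand rather than automatically), do need OraclePWD.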

In application development, specifying OraclePWD in code is also fairly simple: you just add the attribute to the connect string, for example:
OCI example:

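#include <string.h>
#include <oci.h>

text *cacheuser = (text *)"cacheuser1";
/* TimesTen password followed by the Oracle password as the OraclePWD attribute */
text *cachepwds = (text *)"ttpwd;OraclePWD=orclpwd";
text *ttdbname = (text *)"tt_tnsname";
....
/* strlen() takes char *, so cast the text * (unsigned char *) arguments */
OCILogon2(envhp, errhp, &svchp,
          (text *)cacheuser, (ub4)strlen((char *)cacheuser),
          (text *)cachepwds, (ub4)strlen((char *)cachepwds),
          (text *)ttdbname, (ub4)strlen((char *)ttdbname), OCI_DEFAULT);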

Pro*C/C++ example:

text *cacheuser = (text *)"cacheuser1";
/* TimesTen password followed by the Oracle password as the OraclePWD attribute */
text *cachepwds = (text *)"ttpwd;OraclePWD=orclpwd";
text *dbname = (text *)"tt_tnsname";
....
EXEC SQL CONNECT :cacheuser IDENTIFIED BY :cachepwds AT :dbname;
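
An added example (not from the original post or from TimesTen's own code): a C helper that assembles the password field in the form the snippets above use, "ttpwd;OraclePWD=orclpwd", from environment variables instead of literals compiled into the program. The variable names TT_PWD and ORA_PWD are hypothetical, and rejecting ';' assumes it acts as the attribute separator inside that field.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Reject values that would be empty or would break the attribute list.
   Assumption: ';' separates attributes inside the password field, as the
   "ttpwd;OraclePWD=orclpwd" literal on the page implies. Error 15022 on
   the page also requires OraclePwd to be non-empty. */
static int is_safe_value(const char *s)
{
    if (s == NULL || *s == '\0')
        return 0;
    for (; *s; s++)
        if (*s == ';' || *s == '\n' || *s == '\r')
            return 0;
    return 1;
}

/* Writes "<tt_pwd>;OraclePWD=<ora_pwd>" into out.
   Returns 0 on success, -1 on unsafe input or if the result does not fit. */
int build_cache_pwd(const char *tt_pwd, const char *ora_pwd,
                    char *out, size_t outlen)
{
    int n;
    if (out == NULL || outlen == 0 ||
        !is_safe_value(tt_pwd) || !is_safe_value(ora_pwd))
        return -1;
    n = snprintf(out, outlen, "%s;OraclePWD=%s", tt_pwd, ora_pwd);
    if (n < 0 || (size_t)n >= outlen) {
        memset(out, 0, outlen);   /* do not hand back a truncated secret */
        return -1;
    }
    return 0;
}

/* TT_PWD and ORA_PWD are hypothetical names; set them outside the source tree. */
int load_cache_pwd_from_env(char *out, size_t outlen)
{
    return build_cache_pwd(getenv("TT_PWD"), getenv("ORA_PWD"), out, outlen);
}

int main(void)
{
    char pwd[256];
    if (load_cache_pwd_from_env(pwd, sizeof pwd) != 0) {
        fprintf(stderr, "TT_PWD/ORA_PWD missing or malformed\n");
        return 1;
    }
    puts("password field assembled");  /* pwd is used where cachepwds is above */
    return 0;
}
```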
