设为首页 加入收藏

TOP

Oracle11gSecureFiles说明(六)
2014-11-24 02:33:05 来源: 作者: 【 】 浏览:1
Tags:Oracle11gSecureFiles 说明
D = FILE)

(METHOD_DATA =

(DIRECTORY = /u01/app/oracle/product/11.2.0/db_1/network/admin)

)

)

ENCRYPTION_WALLET_LOCATION =

(SOURCE =

(METHOD = FILE)

(METHOD_DATA =

(DIRECTORY = /u01/app/oracle/admin/dave/encryption_wallet)

)

)

SQLNET.WALLET_OVERRIDE = TRUE

SSL_CLIENT_AUTHENTICATION = FALSE

SSL_VERSION = 0

--添加完之后,重启listener,使参数生效。

--创建wallet:包括设置密码、生成信任文件、并启动wallet

CONN / AS SYSDBA

-- 10g version

ALTER SYSTEM SET ENCRYPTION KEYAUTHENTICATED BY "myPassword";

-- 11g version

ALTER SYSTEM SET ENCRYPTIONKEY IDENTIFIED BY "myPassword";

当实例重启后或者wallet被关闭后,必须重新open wallets,这样才能保护被加密的列:

-- 10g version

ALTER SYSTEM SET ENCRYPTION WALLET OPENAUTHENTICATED BY "myPassword";

-- 11g version

ALTER SYSTEM SET ENCRYPTION WALLET OPENIDENTIFIED BY "myPassword";

ALTER SYSTEM SET ENCRYPTION WALLET CLOSE;

2.2.4.2 示例

SecureFile的ENCRYPT 在block-level上对LOBS的内容进行加密。可以使用USING 选项来指定使用哪种加密算法:3DES168, AES128, AES192,AES256,默认使用AES192进行加密。

当对SecureFile 进行加密后,NO SALT 选项不可用。加密是基于列来进行,如果是分区表,那么会影响所有的分区。

DECRYPT选项用来进行解密操作。 具体示例如下:

SQL> conn dave/dave;

Connected.

SQL> CREATE TABLE encrypt_tab (

2 id NUMBER,

3 clob_data CLOB

4 )

5 LOB(clob_data) STORE ASSECUREFILE encrypt_lob(

6 ENCRYPT USING 'AES256'

7 );

Table created.

--可以使用使用alert 来对已经存在的列进行加密或者解密操作,如果要更换加密算法的类型,必须使用REKEY 选项:

SQL> ALTER TABLE encrypt_tab MODIFY (

2 clob_data CLOB DECRYPT

3 );

Table altered.

SQL> ALTER TABLE encrypt_tab MODIFY (

2 clob_data CLOB ENCRYPT USING '3DES168'

3 );

Table altered.

SQL> ALTER TABLE encrypt_tab REKEY USING'AES192';

Table altered.

注意:

Exp/imp 工具不支持Encryption,所以要对加密的列进行传输,必须使用数据泵:expdp/impdp.

2.2.5 LOB Cache and Logging

BasicFile和SecureFile LOBs 都可以进行caching 和logging的设置,相关说明如下:

caching 值:

(1) CACHE - LOB data is placed in the buffer cache.

(2) CACHE READS - LOB data is only placed in the buffer cacheduring read operations, not write operations.

(3) NOCACHE - LOB data is notplaced in the buffer cache. This is the default optionfor BasicFile and SecureFile LOBs.

Basic的 logging 值:

(1) LOGGING - LOB creation andchanges generate full redo. This is the defaultsetting.

(2) NOLOGGING - The operations are not logged in the redo logs andare therefore not recoverable. This is useful during initial creation andduring large loads that can be replayed in the event of failure.

对与SecureFileLOBs多一个FILESYSTEM_LIKE_LOGGING选项,如果指定该选项,那么只对metadata 进行logging。

注意:

Cache 选项就意味着进行logging,所以如果指定了Cache,就不能指定logging 或者FILESYSTEM_LIKE_LOGGING.

相关示例:

CREATE TABLE caching_and_logging_tab (

id NUMBER,

clob_data CLOB

)

LOB(clob_data) STORE AS SECUREFILE(

NOCACHE

FILESYSTEM_LIKE_LOGGING

);

ALTER TABLE caching_and_logging_tab MODIFYLOB(clob_data) (

CACHE

);

2.2.6 使用PL/SQL APIs 对LOBs 属性进行查看与修改

2.2.6.1 DBMS_LOB package

DBMS_LOB 包可以查看BasicFile和SecureFile LOBs。 SETOPTIONS 过程和GETOPTIONS 函数查看compression, encryption anddeduplication 选项的修改。

CREATE TABLE securefile_tab (

id NUMBER,

clob_data CLOB

)

LOB(clob_data) STORE AS SECUREFILEsecurefile_lob(

encrypt

compress

);

INSERT INTO securefile_tab VALUES (1, 'Dave');

INSERT INTO securefile_tab VALUES (2, 'Oracle');

COMMIT;

SET SERVEROUTPUT ON

DECLARE

l_clob CLOB;

BEGIN

SELECT clob_data

INTO l_clob

FROM securefile_tab

WHERE id = 1

FORUPDATE;

DBMS_OUTPUT.put_line('Compression : ' || DBMS_LOB.getoptions(l_clob, DBMS_LOB.opt_compress));

DBMS
首页 上一页 3 4 5 6 下一页 尾页 6/6/6
】【打印繁体】【投稿】【收藏】 【推荐】【举报】【评论】 【关闭】 【返回顶部
分享到: 
上一篇Oracle学习笔记5--多表查询 下一篇Oracle11gDirectNFS

评论

帐  号: 密码: (新用户注册)
验 证 码:
表  情:
内  容: