使用mkstore命令创建主密码,添加用户凭据
1. [oracle@rhel6 ~]$ mkstore -create -wrl /u01/app/connectwallet/ora10g/
2. Enter password:
3. Enter password again:
4. [oracle@rhel6 ~]$ ls /u01/app/connectwallet/ora10g/
5. cwallet.sso ewallet.p12
6.
7. [oracle@rhel6 ~]$ mkstore -wrl /u01/app/connectwallet/ora10g/ -createCredential HRUSERS hr hr
8. Enter password:
9. Create credential oracle.security.client.connect_string1
测试:
1. [oracle@rhel6 ~]$ sqlplus /nolog
2. SQL*Plus: Release 10.2.0.1.0 - Production on Wed Aug 10 11:38:45 2011
3. Copyright (c) 1982, 2005, Oracle. All rights reserved.
4. SQL> conn /@HRUSERS
5. Connected.
6. SQL> show user;
7. USER is "HR"
8. SQL> select count(*) from employees;
9.
10. COUNT(*)
11. ----------
12. 110
二:数据泵导入导出加密,外部表加密
1. 数据泵导入导出加密
1. [oracle@rhel6 ~]$ cat /u01/app/oracle/network/admin/sqlnet.ora
2. WALLET_LOCATION=
3. (SOURCE=(METHOD=FILE)(METHOD_DATA= (DIRECTORY=/u01/app/wallet/ora10g/)))
4. [oracle@rhel6 ~]$ sqlplus /nolog
5. SQL*Plus: Release 10.2.0.1.0 - Production on Fri Aug 12 09:10:23 2011
6. Copyright (c) 1982, 2005, Oracle. All rights reserved.
7. SQL> conn /as sysdba
8. Connected.
9. SQL> create directory dir01 as '/home/oracle/dir01';
10. Directory created.
11.
12. SQL> grant read,write on directory dir01 to hr;
14.
15. SQL> alter system set encryption wallet open identified by "oracle456";
16. System altered
17.
18. SQL> conn hr/hr
19. Connected.
20. SQL> create table t04315_c (id number,name varchar2(20) encrypt);
21. Table created.
22.
23. SQL> insert into t04315_c values (1,'sam');
24. 1 row created.
25.
26. SQL> commit;
27. Commit complete
28.
29. [oracle@rhel6 ~]$ expdp hr/hr directory=dir01 dumpfile=1.dmp tables=t04315_c encryption_password=oracle123456
30. Export: Release 10.2.0.1.0 - 64bit Production on Friday, 12 August, 2011 9:18:42
31. Copyright (c) 2003, 2005, Oracle. All rights reserved.
32. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
33. With the Partitioning, OLAP and Data Mining options
34. Starting "HR"."SYS_EXPORT_TABLE_01": hr/******** directory=dir01 dumpfile=1.dmp tables=t04315_c encryption_password=*****
35. Estimate in progress using BLOCKS method...
36. Processing object type TABLE_EXPORT/TABLE/TABLE_DATA
37. Total estimation using BLOCKS method: 64 KB
38. Processing object type TABLE_EXPORT/TABLE/TABLE
39. . . exported "HR"."T04315_C" 5.273 KB 1 rows
40. Master table "HR"."SYS_EXPORT_TABLE_01" successfully loaded/unloaded
41. ******************************************************************************
42. Dump file set for HR.SYS_EXPORT_TABLE_01 is:
43. /home/oracle/dir01/1.dmp
44. Job "HR"."SYS_EXPORT_TABLE_01" successfully completed at 09:18:55
若不使用encryption_password指定密码,则会提示ORA-39173,加密的数据已经被泄密导出
1. [oracle@rhel6 ~]$ expdp hr/hr directory=dir01 dumpfile=2.dmp tables=t04315_c
2. Export: Release 10.2.0.1.0 - 64bit Production on Friday, 12 August, 2011 9:19:35
3. Copyright (c) 2003, 2005, Oracle. All rights reserved.
4. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
5. With the Partitioning, OLAP and Data Mining option