Oracle10gR2 中 Oracle Wallet 的初步使用和维护

http://blog.sina.com.cn/s/blog_4d8a2c970100fjks.html

wallet useful in :

1, client auto login databae.

2, database data encryption.

-- detail settings

1, in client side , set following parameters in sqlnet.ora file .

WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = C:temp)
)
)

# THE FOLLOWING PARAMETER IS NEEDED FOR AUTO LOGIN. IF SET TO FALSE, THEN DO NOT ALLOW AUTO LOGIN FEATURE.
SQLNET.WALLET_OVERRIDE = TRUE

-- command to create credential of client login, need to do in client side.

-- Be Aware that all parameter of mksotre is case-sensitive even in windows platform.

mkstore -wrl c:temp -create # create a auto-login wallet (different from encryption data wallet, so the path must be exclusive).

mkstore -wrl c:temp -createCredential emr scott "tiger" -- create an auto-login user credential , allow user scott to login to server emr , which normally login is as : sqlplus scott/tiger@emr .

2,

ENCRYPTION_WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = C:tempenc)
)
)

encryption column sample :

create table t_enc1 ( id number(10) , bank_card_id varchar2(30) encrypt using 'aes256' ) ;

alter table emp modify empno encrypt no salt;

alter table emp modify deptno encrypt no salt

ORA-28335: referenced or referencing FK constraint column cannot be encrypted
SQL> alter table dept modify deptno encrypt no salt;

alter table dept modify deptno encrypt no salt

ORA-28335: referenced or referencing FK constraint column cannot be encrypted
主外键约束的字段,主表和从表字段都不能加密.

SQL> alter table emp modify sal decrypt ;

Table altered

SQL> alter table emp modify sal encrypt using 'aes256';

alter table emp modify sal encrypt using 'aes256'

ORA-28340: a different encryption algorithm has been chosen for the table
alter table emp rekey using 'aes256' ; -- change all columns of one table to a different encryption algorighm.

alter table emp rekey using '3des168' ; -- test again.

--- up until now, only encryption wallet could be close clearly . I'm failed to close auto-login wallet.

alter system set [encryption] wallet close identified by "password" ; -- in 11G must specify password if you close a wallet.

[@more@]