How To Configuring To Use Tbs Encryption

     You can encrypt any permanent tablespace to protect sensitive data. Tablespace encryption is completely transparent to your applications, so no application modification is necessary. Encrypted tablespaces primarily protect your data from unauthorized access by means other than through the database. For example, when encrypted tablespaces are written to backup media for travel from one Oracle database to another or for travel to an off-site facility for storage, they remain encrypted. Also, encrypted tablespaces protect data from users who try to circumvent the security features of the database and access database files directly through the operating system file system.Tablespace encryption does not address all security issues. It does not, for example, provide access control from within the database. Any user who is granted privileges on objects stored in an encrypted tablespace can access those objects without providing any kind of additional password or key.、

     To encrypt a tablespace, you must open the database with the COMPATIBLE initialization parameter set to 11.1.0 or higher. The default setting for COMPATIBLE for a new Oracle Database 11g Release 2 installation is 11.2.0. Any user who can create a tablespace can create an encrypted tablespace.

Transparent data encryption supports industry-standard encryption algorithms, including the following Advanced Encryption Standard (AES) and Triple Data Encryption Standard (3DES) algorithms:

• AES256

• AES192

• AES128

• 3DES168

     The encryption key length is implied by the algorithm name. For example, the AES128 algorithm uses 128-bit keys. You specify the algorithm to use when you create the tablespace, and different tablespaces can use different algorithms. Although longer key lengths theoretically provide greater security, there is a trade-off in CPU overhead. If you do not specify the algorithm in your CREATE TABLESPACE statement, AES128 is the default. There is no disk space overhead for encrypting a tablespace.
      [oracle@ORACLERAC1 ~]$ cd /u01/app/oracle/product/11.2.0/network/admin/
[oracle@ORACLERAC1 admin]$ pwd
/u01/app/oracle/product/11.2.0/network/admin
[oracle@ORACLERAC1 admin]$ ls
listener.ora  samples  shrept.lst
[oracle@ORACLERAC1 admin]$
[oracle@ORACLERAC1 admin]$
[oracle@ORACLERAC1 admin]$ vi sqlnet.ora
ENCRYPTION_WALLET_LOCATION=
 (SOURCE=
  (METHOD=file)
   (METHOD_DATA=
    (DIRECTORY=/u01/wallet)))
[oracle@ORACLERAC1 admin]$ cat sqlnet.ora
ENCRYPTION_WALLET_LOCATION=
 (SOURCE=
  (METHOD=file)
   (METHOD_DATA=
    (DIRECTORY=/u01/wallet)))
[oracle@ORACLERAC1 admin]$
[oracle@ORACLERAC1 admin]$
[oracle@ORACLERAC1 admin]$ exit
exit

SYS@PROD3>
SYS@PROD3> shut immediate;
Database closed.
Database dismounted.
host ORACLE instance shut down.
SYS@PROD3> mkdir /u01/wallet

SYS@PROD3> startup
ORACLE instance started.

Total System Global Area  542814208 bytes
Fixed Size                  2255032 bytes
Variable Size             406849352 bytes
Database Buffers          125829120 bytes
Redo Buffers                7880704 bytes
Database mounted.
Database opened.
SYS@PROD3> SELECT * FROM V$ENCRYPTION_WALLET;
WRL_TYPE
--------------------
WRL_PARAMETER
--------------------------------------------------------------------------------
STATUS
------------------
file
/u01/wallet
CLOSED

SYS@PROD3> host mkdir -p /u01/wallet
SYS@PROD3> ALTER SYSTEM SET ENCRYPTION key IDENTIFIED BY oracle;
System altered.
SYS@PROD3> SELECT * FROM V$ENCRYPTION_WALLET;
WRL_TYPE
--------------------
WRL_PARAMETER
--------------------------------------------------------------------------------
STATUS
------------------
file
/u01/wallet
OPEN
SYS@PROD3> create tablespace securepace datafile '/u01/app/oracle/oradata/PROD3/sec01.dbf' size 150m  ENCRYPTION
  2  DEFAULT STORAGE(ENCRYPT);
Tablespace created.

SYS@PROD3> SELECT PROPERTY_NAME, PROPERTY_VALUE FROM DATABASE_PROPERTIES WHERE
  2     PROPERTY_NAME='DEFAULT_TEMP_TABLESPACE';

PROPERTY_NAME
------------------------------
PROPERTY_VALUE
--------------------------------------------------------------------------------
DEFAULT_TEMP_TABLESPACE
TEMPTS
SYS@PROD3> CREATE TEMPORARY TABLESPACE temp TEMPFILE '/u01/app/oracle/oradata/PROD3/tmpnew.dbf' size 100m autoextend on;
Tablespace created.
SYS@PROD3>  @/home/oracle/scripts/setbs.sql
User created.
Grant succeeded.
Table created.
1 row created.
Commit complete.
Table created.
1 row created.
Commit complete.
SYS@PROD3> alter table  SH.SEC_TEST1 move tablespace securepace;
Table altered.
SYS@PROD3>  alter table SH.CIH_TEST1 move tablespace securepace;
Table altered.
SYS@PROD3>  select tablespace_name,encrypted
  2  from dba_tablespaces;
TABLESPACE_NAME                ENC
------------------------------ ---
SYSTEM                         NO
SYSAUX                         NO
UNDOTBS                        NO
TEMPTS                         NO
USERS                          NO
SECUREPACE                     YES
TEMP                           NO
7 rows selected.
SYS@PROD3> ALTER SYSTEM SET ENCRYPTION WALLET CLOSE IDENTIFIED BY "oracle";
System altered.
SYS@PROD3> select count(*) from sh.CIH_TEST1;
select count(*) from sh.CIH_TEST1
                        *
ERROR at line 1:
ORA-28365: wallet is not open

来自 “ ITPUB博客 ” ，链接：http://blog.itpub.net/13750068/viewspace-2143917/，如需转载，请注明出处，否则将追究法律责任。

转载于:http://blog.itpub.net/13750068/viewspace-2143917/