Wednesday, November 28, 2012

0 TABLESPACE(6): Tablespace encryption

The data store in the datafile is in the binary format. However, it is still possible to use convert the binary data to text and read the data.

create tablespace mytbs1 datafile size 10M autoextend on next 10M MAXSIZE 100M;
 
col TABLESPACE_NAME format a15
col FILE_NAME format a40
select  TABLESPACE_NAME,FILE_ID,FILE_NAME
from DBA_DATA_FILES
Where TABLESPACE_NAME='MYTBS1';
 
create table PO1 (NAME VARCHAR(20)) tablespace MYTBS1;
INSERT INTO PO1 VALUES ( 'PANDA');
COMMIT;
--  This would convert binary to string but we may not able to see the data because even the data is commit but it only exsit in the buffer pool
! strings /home/oracle/app/oracle/oradata/orcl/ORCL/datafile/o1_mf_mytbs1_8cc6wdgt_.dbf
-- force the checkpoint and DWR would write the data back to the disk
alter system checkpoint;
! strings /home/oracle/app/oracle/oradata/orcl/ORCL/datafile/o1_mf_mytbs1_8cc6wdgt_.dbf

image

Create the wallet

identified by is the password would be used to encrypt the wallet file.

Select * from V$encryption_wallet;
alter system set encryption key identified by oracle;
alter system set encryption wallet open identified by oracle;

 

image

image

image

Create the tablespace encryption by wallet

 

create tablespace mytbs2 datafile size 10M autoextend on next 10M MAXSIZE 100M ENCRYPTION DEFAULT STORAGE(ENCRYPT);
 
col TABLESPACE_NAME format a15
COL FILE_NAME FORMAT A40
select  DF.TABLESPACE_NAME,DF.FILE_NAME,DS.encrypted
from DBA_DATA_FILES DF,DBA_TABLESPACES DS
where DF.TABLESPACE_NAME=DS.TABLESPACE_NAME
and 
DF.TABLESPACE_NAME='MYTBS2';
 
select TABLESPACE_NAME,encrypted from DBA_TABLESPACES where TABLESPACE_NAME='MYTBS2';
 
create table PO2 (NAME VARCHAR(20)) tablespace MYTBS2;
INSERT INTO PO2 VALUES ( 'PANDA');
COMMIT;
 
 
--  This would convert binary to string but we may not able to see the data because even the data is commit but it only exsit in the buffer pool
! strings /home/oracle/app/oracle/oradata/orcl/ORCL/datafile/o1_mf_mytbs2_8cc7m3kv_.dbf
-- force the checkpoint and DWR would write the data back to the disk
alter system checkpoint;
! strings /home/oracle/app/oracle/oradata/orcl/ORCL/datafile/o1_mf_mytbs2_8cc7m3kv_.dbf

image

When we try to convert the binary to text, it is no longer readable .

image

How to resolve the ORA-28368 error

This error usually means either Oracle has permission issue on the wallet path or the path does not exist.

image

0 comments:

Post a Comment

 

SQL Panda Copyright © 2011 - |- Template created by O Pregador - |- Powered by Blogger Templates