奥德赛F9 posted on 2018-9-8 07:57:32

A First Look at Oracle Wallet

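1. What is a Wallet
  A data structure used to store and manage security credentials for an individual entity.
  Starting with Oracle 10gR2, Oracle Wallet lets a user log in to the database without supplying a password (this is not operating-system authentication). This is very useful for scripts that log in to the database to do their work, especially where enterprise security requirements are strict and user names and passwords must not sit in configuration files in plain text. It also makes password maintenance very convenient: for example, if the wallet is kept at a fixed path, then when the password changes you only need to overwrite the wallet everywhere, which is especially handy with a large number of application servers.
2. Creating and managing a Wallet
1. Create the wallet
  $ mkdir -p /tmp/test_wallet
  $ mkstore -wrl /tmp/test_wallet -create
  $ cd /tmp/test_wallet/
  $ ls
  cwallet.sso  ewallet.p12
  Configure the connect string in tnsnames.ora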
  WALLET_OCP11G =
  (DESCRIPTION =
  (ADDRESS = (PROTOCOL = TCP)(HOST = daidai.com)(PORT = 1522))
  (CONNECT_DATA =
  (SERVER = DEDICATED)
  (SERVICE_NAME = ocp11g)
  )
  )
  Configure sqlnet.ora
  WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/tmp/test_wallet)))
  SQLNET.WALLET_OVERRIDE = TRUE
  Add the credentials of the database login user to the wallet
  $ mkstore --help
  Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
  Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
  No wallet location specified.
  mkstore [-wrl wrl] [-create] [-createSSO] [-createLSSO] [-createALO] [-delete] [-deleteSSO] [-list] [-createEntry alias secret] [-viewEntry alias] [-modifyEntry alias secret] [-deleteEntry alias] [-createCredential connect_string username password] [-listCredential] [-modifyCredential connect_string username password] [-deleteCredential connect_string] [-help] [-nologo]
  $ mkstore -wrl /tmp/test_wallet -createCredential wallet_ocp11g daidai love8013
  Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
  Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
  Enter wallet password:l         3
  Create credential oracle.security.client.connect_string1
  Test the connection
  At this point you can connect using the wallet
  $ sqlplus /@wallet_ocp11g

  SQL*Plus:>  Copyright (c) 1982, 2013, Oracle. All rights reserved.
  Connected to:
  Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
  With the Partitioning, OLAP, Data Mining and Real Application Testing options
  SQL>
2. Manage the wallet
  The wallet is also managed with the mkstore command
  View credentials
  $ mkstore -wrl /tmp/test_wallet -listCredential
  Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
  Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
  Enter wallet password:love801   3
  List credential (index: connect_string username)
  1: wallet_ocp11g daidai
  Change the user's password in the wallet
  $ mkstore -wrl /tmp/test_wallet -modifyCredential wallet_ocp11g daidai love8014
  Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
  Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
  Enter wallet password:love80
  Modify credential
  Modify 1
  $ sqlplus @/wallet_ocp11g

  SQL*Plus:>  Copyright (c) 1982, 2013, Oracle. All rights reserved.
  SP2-0310: unable to open file "/wallet_ocp11g.sql"
  Enter user-name: daidai
  Enter password:-- entering the correct password here logs you in; a wrong password does not
  Delete a user's credentials from the wallet
  $ mkstore -wrl /tmp/test_wallet -listCredential
  Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
  Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
  Enter wallet password:lov   e8
  List credential (index: connect_string username)
  1: wallet_ocp11g daidai
  $ mkstore -wrl /tmp/test_wallet -deleteCredential wallet_ocp11g
  Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
  Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
  Enter wallet password: ove801   3
  Delete credential
  Delete 1
  View the detailed credential entries in the wallet
  $ mkstore -wrl /tmp/test_wallet -list
  Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
  Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
  Enter wallet password:le8013
  Oracle Secret Store entries:
  oracle.security.client.connect_string1
  oracle.security.client.password1
  oracle.security.client.username1
  $ mkstore -wrl /tmp/test_wallet -viewEntry oracle.security.client.connect_string1
  Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
  Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
  Enter wallet password:lo   ve8
  oracle.security.client.connect_string1 = wallet_ocp11g
  Change the contents of a credential entry in the wallet
  mkstore -wrl /tmp/test_wallet -modifyEntry oracle.security.client.password1 skatepwd1
  mkstore -wrl /tmp/test_wallet -modifyEntry oracle.security.client.username1 skate1
3. Migrating the Linux wallet to Windows 7

  - Edit tnsnames.ora and sqlnet.ora the same way as on Linux, and be sure to test connectivity
  - mkstore -wrl e:/test_wallet -create
  - Copy the wallet files from Linux over the wallet files on Windows

  I have not tested migrating from Windows to Linux.
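
Because the wallet files can be copied to another machine as in section 3, access to the wallet directory is what protects the stored login. The script below is an added example, not part of the original post: it reads the wallet directory from sqlnet.ora and flags a wallet that sits under a shared temporary directory or is accessible to group/other. The function names are hypothetical, and the parser assumes WALLET_LOCATION is written on one line in upper case with no spaces in the path, as in the post's sqlnet.ora.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumes WALLET_LOCATION sits on one line, upper case, no spaces in the path.

# Print the DIRECTORY value of WALLET_LOCATION from the given sqlnet.ora.
wallet_dir_from_sqlnet() {
    tr -d ' \t' < "$1" |
        sed -n 's/^WALLET_LOCATION=.*(DIRECTORY=\([^)]*\)).*/\1/p' | head -n 1
}

# Print the group/other permission characters of a path, e.g. "r-xr-x".
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# Print one finding per line; return 0 when clean, 1 otherwise.
audit_wallet_dir() {
    dir=$1
    findings=0
    case "$dir" in
        /tmp/*|/var/tmp/*)
            echo "LOCATION: $dir is under a shared temporary directory"
            findings=$((findings + 1)) ;;
    esac
    if [ ! -d "$dir" ]; then
        echo "MISSING: wallet directory $dir does not exist"
        return 1
    fi
    if [ "$(group_other_bits "$dir")" != "------" ]; then
        echo "PERMS: $dir is accessible to group/other (this check expects 700)"
        findings=$((findings + 1))
    fi
    # cwallet.sso is the auto-login file; ewallet.p12 is the password-protected store.
    for f in cwallet.sso ewallet.p12; do
        [ -f "$dir/$f" ] || continue
        if [ "$(group_other_bits "$dir/$f")" != "------" ]; then
            echo "PERMS: $dir/$f is accessible to group/other (this check expects 600)"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}
```

To check a live client, source the file and call `audit_wallet_dir "$(wallet_dir_from_sqlnet "$TNS_ADMIN/sqlnet.ora")"`; for the post's configuration it reports the /tmp location.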
