Drop Down MenusCSS Drop Down MenuPure CSS Dropdown Menu

Oracle Transparent Data Encryption

-
TDE makes sure that the data is stored in encrypted form and when the data is accessed, it automatically decrypt it and it all happens transparently so it does not require even a single line of code at the application or database end.
 setup Transparent Data Encryption:
 First of all we need to define wallet location. Open your sqlnet.ora file and define the wallet location which can be any directory at the database server.
$ cd /d01/apps/oracle/network/admin
 $ mkdir tde_wallet
 $ vi sqlnet.ora

ENCRYPTION_WALLET_LOCATION =
 (SOURCE=
   (METHOD=file)
     (METHOD_DATA=
       (DIRECTORY=/d01/apps/oracle/network/admin/tde_wallet)))
Create a Secure Wallet to hold the Master Encryption Key:
$ sqlplus / as sysdba
SQL> alter system set encryption key authenticated by "ImOracle";       
 System altered.
Data with and without TDE:
create tablespace ts_tde datafile '/d01/apps/oradata/oraxpo/ts_tde01.dbf' size 20m autoextend on next 5m
extent management local segment space management auto;

create user tde_test identified by test  default tablespace ts_tde quota unlimited on ts_tde;
grant connect,resource to tde_test;
 We have a user named tde_test with a default tablespace ts_tde whose datafile.
conn tde_test/test
create table tde (sensitive_data varchar2(50));
insert into tde values ('This is very sensitive data');
commit;

 select * from tde;
  SENSITIVE_DATA
--------------------------------------------------
This is very sensitive data


SQL> conn / as sysdba
Connected.
 Flush the buffer_cache so that blocks in DB Buffer cache go to the datafile.
SQL> alter system flush buffer_cache;
 System altered.

 Now we create a table with a column encrypted transparently:
 $ sqlplus tde_test/test

 SQL> drop table tde purge;
 Table dropped.
 There are 4 encryption algorithms available for TDE.
   3DES168
   AES128
   AES192
   AES256
  AES192 is the default.
create table tde (sensitive_data varchar2(50) encrypt using '3DES168');
insert into tde values ('This is very sensitive data');
commit;


select * from tde;
 SENSITIVE_DATA
-------------------------------
This is very sensitive data
As you see the data entered in an encrypted column is accessible in clear text.
And that is why this encryption is called Transparent Data Encryption.
SQL> conn / as sysdba
Connected.

SQL> alter system flush buffer_cache;
 System altered.

SQL> select table_name , column_name , ENCRYPTION_ALG , SALT from dba_encrypted_columns;

TABLE_NAME     COLUMN_NAME       ENCRYPTION_ALG                SAL
-------------- ----------------- ----------------------------- ---
TDE            SENSITIVE_DATA    3 Key Triple DES 168 bits key YES


DBA_ENCRYPTED_COLUMNS gives you a list of all encrypted columns in the database.
Open and Close the wallet:
 $ sqlplus / as sysdba

 The database was restarted so the wallet is closed at this moment.
 Any query on encrypted columns will throw an error.
SQL> select * from tde_test.tde;
select * from tde_test.tde
                       *
ERROR at line 1:
ORA-28365: wallet is not open
 Let's open the wallet and notice you will need a password to open the wallet.
SQL> alter system set encryption wallet open authenticated by "ImOracle";
System altered.


SQL> select * from tde_test.tde;
  
SENSITIVE_DATA
--------------------------------------------------
This is very sensitive

  This is how we close the wallet.
SQL> alter system set encryption wallet close;
 System altered.

 SQL> select * from tde_test.tde;
select * from tde_test.tde
                       *
ERROR at line 1:
ORA-28365: wallet is not open

Comments

Post a Comment

Popular posts from this blog

How to find the server is whether standby (slave) or primary(master) in Postgresql replication ?

-
Method 1 You can check the mode of the server using "pg_controldata". [pgsql@test~]$ pg_controldata /usr/local/pgsql/data84/ Database cluster state: in archive recovery --> This is Standby Database Database cluster state: in production --> This is Production Database [Master] Method 2 You can use pg_is_in_recovery() which returns True if recovery is still in progress(so the server is running in standby mode or slave) postgres=# select pg_is_in_recovery(); pg_is_in_recovery ------------------- t (1 row) If Return    false   so the server is running in primary mode or master postgres=# select pg_is_in_recovery(); pg_is_in_recovery ------------------- f (1 row)
Read more

7 Steps to configure BDR replication in postgresql

-
Image
 The  BDR  (Bi-Directional Replication) project adds multi-master replication to PostgreSQL 9.4.  Postgres-BDR has a lower impact on the masters(s) than trigger-based replication solutions. There is no write-amplification, as it does not require triggers to write to queue tables in order to replicate writes.   Here We are using  postgres version 9.4.12 and bdr version 1.0.2. for configuring  multi master replication . Simply Following 7 steps you can configure the multi master replication in postgresql. To download the bdr in below link. .   https://github.com/2ndQuadrant/bdr/archive/bdr-pg/REL9_4_12-1.tar.gz $ tar -xzvf REL9_4_12-1.tar.gz $ wget https://github.com/2ndQuadrant/bdr/archive/bdr-plugin/1.0.2.tar.gz $ tar -xzvf 1.0.2.tar.gz 1. To install BDR. $ cd ~/bdr-bdr-pg-REL9_4_12-1 $ ./configure --prefix=/usr/lib/postgresql/9.4 --enable-debug --with-openssl $ make -j4 -s install-world $ cd ~/bdr-bdr-plugin-1.0.2 $ PATH=/usr/lib/postgresql/9.4/bin:"$PATH" ./c
Read more

How to Get Table Size, Database Size, Indexes Size, schema Size, Tablespace Size, column Size in PostgreSQL Database

-
In this post, I am sharing few important function for finding the size of database, table and index in PostgreSQL. Finding object size in postgresql database is very important and common. Is it very useful to know the exact size occupied by the object at the tablespace. The object size in the following scripts is in GB. The scripts have been formatted to work very easily with PUTTY SQL Editor. 1. Checking table size excluding table dependency: SELECT pg_size_pretty(pg_relation_size('mhrordhu_shk.mut_kharedi_audit')); pg_size_pretty ---------------- 238 MB (1 row) 2. Checking table size including table dependency: SELECT pg_size_pretty(pg_total_relation_size('mhrordhu_shk.mut_kharedi_audit')); pg_size_pretty ---------------- 268 MB (1 row) 3. Finding individual postgresql database size SELECT pg_size_pretty(pg_database_size('db_name')); 4. Finding individual table size for postgresql database -including dependency index: SELECT pg_size_pretty(pg_total_rel
Read more

Ora2PG - Oracle/MySQL to Postgres DB migration Version 20.0

-
Ora2Pg is a free tool used to  migrate  an  Oracle  or MySQL database to a  PostgreSQL  compatible schema. It connects your  Oracle  database, scan it automatically and extracts its structure or data, it then generates SQL scripts that you can load into your  PostgreSQL  database. ora2pg version 20.0 software : ora2pg-20.0.tar ora2pg-20.0   https://github.com/darold/ora2pg/releases/tag/v20.0 Some Blogs about DB Migration : https://2ndquadrant.in/postgresmigration/oracle-to-postgresql-migration/ https://2ndquadrant.in/database-migration-from-oracle-to-postgres/ INSTALLATION All Perl modules can always be found at CPAN ( http://search.cpan.org/ ). Just type the full name of the module (ex: DBD::Oracle) into the search input box, it will brings you the page for download. Releases of Ora2Pg stay at SF.net ( https://sourceforge.net/projects/ora2pg/ ). Under Windows you should install Strawberry Perl ( http://strawberryperl.com/ ) and the OSes corresponding Oracle clients. I
Read more

PostgreSQL Introduction

-
PostgreSQL tutorial provides basic and advanced concepts of SQL. Our PostgreSQL tutorial is designed for beginners and professionals. PostgreSQL is an opens-source object-relational database management system (ORDBMS). Our PostgreSQL tutorial includes all topics of PostgreSQL language such as create database, create table, drop database, drop table, select database, select table, insert record, update record, delete record, triggers, functions, procedures, cursors etc. There are also given PostgreSQL interview questions and quizzes to help you better understand the PostgreSQL language. Prerequisite: Before you start doing practice with various types of examples given in this reference, I'm making an assumption that you are already aware about what is database, especially RDBMS and what is a computer programming language. you must have the basic knowledge of SQL Problem: We assure that you will not find any problem in this PostgreSQL tutorial. But if there is any mistake
Read more