ORACLE WALLET: Secure external password storage using Oracle Wallet.
Sometimes we create shell scripts, batch files, etc. for database operations. In such a file we specify the Oracle user name and password, which is not secure: any person who can read the file can get our username and password. To solve this problem, Oracle provides a solution called Oracle Wallet. Using it you can connect to the Oracle server with just the service name, for example '/@db11g', with no need to specify the username and password, so no one can get your Oracle user password from the script.
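As an added example (not part of the original post), the following shell function inventories scripts that still carry an inline password, so that each login can be moved into the wallet. The function name, the file extensions searched and the "(local)" marker are assumptions of this example.

```sh
#!/bin/sh
# Added example: list sqlplus/connect logins that embed a password.
# Prints "file:line user alias"; the password itself is never printed.
inventory_logins() {
    find "$1" -type f \( -name '*.sh' -o -name '*.sql' -o -name '*.bat' \) \
        -exec awk '
        BEGIN {
            # sqlplus/connect, optional switches such as -s, then
            # user/password with an optional @alias. "/@alias",
            # "/ as sysdba" and "/nolog" begin with "/" and do not match.
            re = "(sqlplus|conn(ect)?)[ \t]+(-[a-z]+[ \t]+)*"
            re = re "[^/ \t-][^/ \t]*/[^@ \t]+(@[^ \t]+)?"
        }
        { sub(/\r$/, "") }                  # tolerate CRLF batch files
        match(tolower($0), re) {
            n = split(substr($0, RSTART, RLENGTH), w, /[ \t]+/)
            login = w[n]                    # user/password[@alias]
            user = substr(login, 1, index(login, "/") - 1)
            at = index(login, "@")
            alias = at ? substr(login, at + 1) : "(local)"
            print FILENAME ":" FNR, user, alias
        }' {} +
}

# Usage: sh inventory.sh /path/to/scripts
if [ -n "${1:-}" ]; then inventory_logins "$1"; fi
```

Each reported user and alias pair is one wallet entry to create, after which the script line can use the '/@alias' form.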
Oracle wallet creation steps:
[oracle@orcl admin]$ vi sqlnet.ora
# sqlnet.ora Network Configuration File: /u01/app/oracle/product/11.2.0/db_1/network/admin/sqlnet.ora
# Generated by Oracle configuration tools.
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY =/u01/app/oracle/product/11.2.0/db_1/network/admin)
    )
  )
SQLNET.WALLET_OVERRIDE = TRUE
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_VERSION = 0
[oracle@orcl admin]$ mkstore -wrl "/u01/app/oracle/product/11.2.0/db_1/network/admin" -create
Oracle Secret Store Tool : Version 11.2.0.1.0 - Production
Copyright (c) 2004, 2009, Oracle and/or its affiliates. All rights reserved.
Enter password:
Enter password again:
(The password should be a strong one that contains letters, numbers and special characters.)
[oracle@orcl admin]$ mkstore -wrl "/u01/app/oracle/product/11.2.0/db_1/network/admin" -createCredential db11g scott tiger
(db11g is the service name specified in tnsnames.ora and listener.ora; it is followed by the username and password.)
Oracle Secret Store Tool : Version 11.2.0.1.0 - Production
Copyright (c) 2004, 2009, Oracle and/or its affiliates. All rights reserved.
Enter wallet password: (Enter the Oracle wallet password that was set with the -create command above.)
[oracle@orcl admin]$ mkstore -wrl "/u01/app/oracle/product/11.2.0/db_1/network/admin" -listCredential
Oracle Secret Store Tool : Version 11.2.0.1.0 - Production
Copyright (c) 2004, 2009, Oracle and/or its affiliates. All rights reserved.
Enter wallet password:
List credential (index: connect_string username)
1: db11g scott
(This command shows the user entries in the Oracle wallet with their username and service name.)
[oracle@orcl admin]$ sqlplus /@db11g (db11g is the service name)
SQL*Plus: Release 11.2.0.1.0 Production on Fri Jun 14 21:42:55 2013
Copyright (c) 1982, 2009, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL>
Password credentials of existing wallet entries can be modified or deleted using the commands below.
mkstore -wrl <wallet_location> -modifyCredential <dbase_alias> <username> <password>
mkstore -wrl <wallet_location> -deleteCredential <db_alias>
Note: every username should have a different service name, so that the service name does not conflict between one username and password and another (the wallet lists one username per connect string).
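An added check for the setup above, not part of the original post: because the wallet opens without a password for '/@db11g', anyone who can read its files can use the stored login, so this script verifies that sqlnet.ora points at the wallet and that the wallet files are private to their owner. The file names cwallet.sso and ewallet.p12 and all function names are assumptions of this example.

```sh
#!/bin/sh
# Added example: check an external password store set up as in the steps above.
# Assumption: "mkstore -create" left ewallet.p12 and cwallet.sso (the
# auto-login copy used by "sqlplus /@alias") in the wallet directory.

# Print the DIRECTORY of the WALLET_LOCATION entry in a sqlnet.ora file.
wallet_dir() {
    # Strip comments and whitespace, join the lines, then cut the value out.
    sed 's/#.*//' "$1" | tr -d ' \t\r\n' | awk '{
        s = ")" $0      # sentinel so the entry may also come first
        # [^_] skips ENCRYPTION_WALLET_LOCATION, which is a different wallet.
        if (!match(toupper(s), /[^_]WALLET_LOCATION=/)) exit
        rest = substr(s, RSTART + RLENGTH)
        i = index(toupper(rest), "(DIRECTORY=")
        if (!i) exit
        rest = substr(rest, i + 11)
        dir = substr(rest, 1, index(rest, ")") - 1)
        gsub(/"/, "", dir)
        print dir
    }'
}

# Succeed if SQLNET.WALLET_OVERRIDE = TRUE is set.
override_on() {
    sed 's/#.*//' "$1" | tr -d ' \t\r' |
        grep -qiE '^SQLNET\.WALLET_OVERRIDE=TRUE$'
}

# Succeed if the file exists and group/others have no permission bits on it.
private_file() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Report every problem found; return 0 only if there is none.
audit_wallet() {
    ora=$1; rc=0
    dir=$(wallet_dir "$ora")
    [ -n "$dir" ] || { echo "FAIL: no WALLET_LOCATION directory in $ora"; return 1; }
    override_on "$ora" || { echo "FAIL: SQLNET.WALLET_OVERRIDE is not TRUE"; rc=1; }
    for f in cwallet.sso ewallet.p12; do
        private_file "$dir/$f" ||
            { echo "FAIL: $dir/$f is missing or open to group/others"; rc=1; }
    done
    [ "$rc" -ne 0 ] || echo "OK: wallet in $dir"
    return "$rc"
}

# Usage: sh audit_wallet.sh /path/to/sqlnet.ora
if [ -n "${1:-}" ]; then audit_wallet "$1"; fi
```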