Re: Tde and Rman

From: max scalf <oracle.blog3_at_gmail.com>
Date: Tue, 29 Sep 2015 08:15:06 -0500
Message-ID: <CAKoJ+qC13i_e91a_t6EJXekXCVHgQSj-GFoGj_TSFovszVYf6A_at_mail.gmail.com>



Jeremy,

Thank you very much for all that information. Now that I know all of that, off to testing this out.

Thanks again.

On Tue, Sep 29, 2015 at 6:32 AM, Jeremy Schneider < jeremy.schneider_at_ardentperf.com> wrote:

> hey max - just spent a few seconds refreshing my memory and i wanted
> to briefly circle back on this thread
>
> first off, two recent oracle-l threads related to this topic might be
> worth reading:
> http://www.freelists.org/post/oracle-l/Autostarting-wallet-question,3
> https://www.freelists.org/post/oracle-l/Transparent-Data-Encryption,3
>
> there are some important differences between "auto-login" wallets and
> a "local-auto-login" wallets. auto-login wallets have been around for
> a long time - i see references in the docs as far back as version
> 8.1.7 [ http://docs.oracle.com/cd/A87860_01/doc/index.htm ]. I don't
> see mention of *local* auto-login wallets before version 11.2. note
> that both use the filename "cwallet.sso"... so just by looking at the
> filename you can't tell if it's local or not on version 11gR2.
> (brilliant...)
>
> i said in one of those old threads that i'd be hesitant to use the old
> "auto-login" wallet. lots of people do use them - you just need to be
> aware that the cwallet file *can* be copied to any server and used to
> decrypt data - with no password - so be very careful with them! under
> no circumstances should they be backed up with your data!
>
> local wallets cannot be copied to another server, although Oracle of
> course hasn't published the algorithms they use to identify the local
> machine or obfuscate the keys - and some very security-minded folks
> still prefer to avoid these.
>
> On Sun, Sep 27, 2015 at 9:40 AM, max scalf <oracle.blog3_at_gmail.com> wrote:
> > So if i understand you correctly(for 11g) that as long as we replicate
> our
> > ewallet.p12 file on the DR server and create/generate a local wallet we
> > should be good to go for the restore on DR side.
>
> yes that's correct
>
> > So i am guessing the same rule apply, don't backup your database and the
> > ewallet.p12 key to same location(especially not the cwallet.sso file,
> better
> > of not backing this file up as it's useless elsewhere).
>
> exactly right - and be careful since cwallet.sso is *not* useless
> elsewhere if it was created with the non-local option on 11gR2 or any
> previous version!
>
> -Jeremy
>
> --
> http://about.me/jeremy_schneider
>

--
http://www.freelists.org/webpage/oracle-l
Received on Tue Sep 29 2015 - 15:15:06 CEST

Original text of this message