Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: Transparent Data Encryption

From: A.ISS <ais_at_gee-mail.kom>
Date: Tue, 02 May 2006 18:08:13 +0200
Message-Id: <pan.2006.05.02.16.08.12.790527@gee-mail.kom>


On Tue, 02 May 2006 08:53:39 -0700, EdStevens wrote:

> Oracle 10.2 on both Solaris and Win2k3
>
> Digging through the Advanced Security Administrator's Guide, trying to set
> up a simple, easy to administer Transparent Data Encryption environment.
> Also reading MetaLink bulletin 317311.1.
>
> I used ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY .... to create a
> wallet in a default location, but I also see the comment that the wallet
> has to be manually opened every time the db is restarted. The Guide also
> talks about using wallets with automatic logon enabled, which remain open
> all the time. When trying to chase that down earlier, I got wadded up in
> discussions of certificates and other esoterica. Now, going back thru the
> chapter on Using Wallet Manager, I'm not so sure. But trying to step thru
> Wallet Manager, I made some other discoveries.
>
> Having earlier created a wallet and encrypted a few columns from sqlplus,
> I already have, as expected, a wallet file ewallet.p12 in
> ORACLE_HOME\admin\<sid>\wallet. Pure default, nothing in sqlnet.ora to
> direct this. Now, when I open Wallet Manager on this box, it doesn't show
> the existing wallet and, further, if I start down the path of creating a
> wallet, WM tells me the default directory doesn't exist. There is nothing
> on this db that is currently encrypted, so I have nothing to lose by
> creating a new wallet if need be.
>
> So, in the end, I have two questions:
>
> 1) Why does WM not recognize that I have an existing wallet, nor does it
> recognize that I have an existing default wallet directory?
>

I don't know. I also have the same problem.

> 2) Is there a SIMPLE way to set up TDE so that the wallet does NOT have to
> be manually opened after db restart? Is this going to require me to get
> into certificates .... yet another (for me) unexplored area?
>

Make the wallet 'autologin'. It's an option in WM. Click on Wallet (inside owm) and click on autologin.
I'm not sure if making a TDE wallet autologin is a good idea. TDE is to keep people from accessing your database after they managed to steal all the files. But if they also steal your autologin wallet then they will be able to access your data. I may be wrong on this.

> Thanks.

regards,

Ivan

Received on Tue May 02 2006 - 11:08:13 CDT
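
An added example, not part of the original post and not Oracle tooling: a small Python audit for the concern raised in the reply, that an auto-login wallet taken together with the datafiles opens the encrypted data. It assumes a POSIX host, that Wallet Manager stores the auto-login wallet as cwallet.sso beside ewallet.p12, and caller-supplied directory paths; the same-device comparison is only a heuristic for "stored together".

```python
import os
import stat
import sys

AUTOLOGIN_FILE = "cwallet.sso"  # assumption: file written when auto-login is enabled
PASSWORD_FILE = "ewallet.p12"   # password-protected wallet named in the post


def audit_wallet(wallet_dir, datafile_dir):
    """Return findings about auto-login exposure for a TDE wallet directory."""
    findings = []
    names = set(os.listdir(wallet_dir))
    if PASSWORD_FILE not in names:
        findings.append("no ewallet.p12 found")
    if AUTOLOGIN_FILE not in names:
        # Without cwallet.sso the wallet has to be opened with its password
        # after each restart, so copied files alone do not open it.
        return findings
    findings.append("auto-login wallet present")
    sso = os.stat(os.path.join(wallet_dir, AUTOLOGIN_FILE))
    # Any group/other permission bit lets accounts other than the owner copy it.
    if sso.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("cwallet.sso accessible to group/other")
    # Heuristic: same device means one stolen disk or one filesystem backup
    # carries both the encrypted datafiles and the wallet that opens them.
    if sso.st_dev == os.stat(datafile_dir).st_dev:
        findings.append("wallet on same filesystem as datafiles")
    return findings


if __name__ == "__main__":
    # Usage: python audit_wallet.py <wallet_dir> <datafile_dir>
    if len(sys.argv) != 3:
        sys.exit("usage: audit_wallet.py <wallet_dir> <datafile_dir>")
    results = audit_wallet(sys.argv[1], sys.argv[2])
    for line in results or ["no auto-login exposure found"]:
        print(line)
```
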
