Beruflich Dokumente
Kultur Dokumente
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = /u01/app/oracle/wallet)
)
)
SQLNET.WALLET_OVERRIDE = TRUE
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_VERSION = 0
Wallets can be copied to different machines, which can represent a security risk. In 11g
Release 2, you can prevent the auto login functionality of the wallet from working if it is
copied to another machine by creating a local wallet using the "orapki" command, instead
of the "mkstore" command.
$ orapki wallet create -wallet "/u01/app/oracle/wallet" -pwd
"mypassword" -auto_login_local
Once the wallet is created, it can be modified using the "mkstore" command described
below.
Add the password credentials to the wallet using the -createCredential option.
$ mkstore -wrl "/u01/app/oracle/wallet" -createCredential db10g
scott tiger
Enter password:
Create credential oracle.security.client.connect_string1
$
The db_alias, in this case "db10g", is the identifier used in the "/@db_alias" syntax, and
must have a matching entry in the "tnsnames.ora" file.
The credentials present in the wallet are listed using the -listCredential option.
$ mkstore -wrl "/u01/app/oracle/wallet" -listCredential
Enter password:
List credential (index: connect_string username)
1: db10g scott
$
With the wallet created and the password credentials in place, connect to the database
without specifying the username and password, as shown below.
$ sqlplus /@db10g
SQL*Plus: Release 10.2.0.1.0 - Production on Thu Jul 19 08:15:09
2007
Copyright (c) 1982, 2005, Oracle.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 Production
With the Partitioning, Oracle Label Security, OLAP and Data Mining
Scoring Engine options
SQL> show user
USER is "SCOTT"
SQL>
That's fine if you only ever connect as a single user to each database, but what if you
connect as multiple users? Simply add a new entry into the wallet using a different
db_alias and make sure the alias is present in the "tnsnames.ora" file. So if we have a
user called "test" on the "db10g" database, we create a new entry in the wallet.
$ mkstore -wrl "/u01/app/oracle/wallet" -createCredential
db10g_test test test
Enter password:
Create credential oracle.security.client.connect_string1
$
Make a new entry for the "db10g" database in the client "tnsnames.ora" file.
DB10G_TEST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = DB10G.WORLD)
)
)