大文件表空间概要与表空间加密

创建大文件表空间

Create bigfile tablespace bigtbs01 datafile ‘/u01/app/oracle/oradata/VDEDU/bigtbs.dbf’

大文件表空间只能有一个数据文件

大文件表空间好处

只需要创建和表空间一样多的数据文件

不必经常给表空间增加数据文件

简化大数据库中的数据文件管理

不会很快达到文件的极限，因此存储能力显著增强

限制

必须使用自动段空间管理

建议与逻辑卷和支持条带化和镜像的自动存储管理（ASM）

表空间加密

[oracle@oracle01 admin]$ vi sqlnet.ora

TCP.VALIDNODE_CHECKING=yes

#TCP.EXCLUDED_NODES=(172.16.236.1,192.168.253.1)

TCP.INVITED_NODES=(192.168.1.109,172.16.236.130)

encryption_wallet_location=(source=(method=file)(method_data=(directory=/u01/app/wallet)))

[oracle@oracle01 admin]$ mkdir -p /u01/app/wallet

SQL> alter system set encryption key identified by "oracle123";

给系统设定加密密码为oracle123 注意密码字段用双引号

创建加密表空间

SQL> create tablespace enchzh1 datafile '/u01/app/oracle/oradata/VDEDU/enchzh101.dbf' size 100m encryption using '3DES168' default storage(ENCRYPT);

默认加密算法是DES128,其他的有3DES168,AES128,AES256

SQL> select tablespace_name,bigfile,encrypted from dba_tablespaces;

TABLESPACE_NAME        BIG ENC

------------------------------ --- ---

APP        NO  NO

ENCHZH1        NO  YES

查询用户使用的默认表空间是哪个

SQL> select username,default_tablespace from dba_users;

USERNAME        DEFAULT_TABLESPACE

------------------------------ ------------------------------

HR        HRTBS

SQL> conn hr/oracle

Connected.

SQL> show user

USER is "HR"

SQL> create table t11(x varchar2(100));

Table created.

SQL> create table t12(x varchar2(100)) tablespace enchzh1;表t12指定使用刚才创建的加密表空间

Table created.

插入相同数据

SQL> insert into t11 values(‘kawashibara’);

1 row created.

SQL> insert into t12 values(‘kawashibara’);

1 row created.

使表空间脱机

SQL> alter tablespace HRTBS offline;

Tablespace altered.

SQL> alter tablespace enchzh1 offline;

Tablespace altered.

使表空间联机

SQL> alter tablespace HRTBS online;

Tablespace altered.

SQL> alter tablespace enchzh1 online;

Tablespace altered.

[oracle@oracle01 admin]$ cd /u01/app/oracle/oradata/VDEDU/

[oracle@oracle01 VDEDU]$ strings hrtbs01.dbf | grep kawashibara

kawashibara

这个表空间没有加密，可以看到数据

[oracle@oracle01 VDEDU]$ strings enchzh101.dbf | grep kawashibara

在加密表空间的数据文件中看不到插入的数据

管理表空间的数据字典视图

Dba_tablespaces;

Dba_free_space;

Dba_segments;

Dba_data_files;

Dba_temp_files;

Dba_tablespace_groups;

V$datafile;

V$filestat;

钱包的作用

SQL> select * from gv$encryption_wallet;

   INST_ID WRL_TYPE

---------- --------------------

WRL_PARAMETER

--------------------------------------------------------------------------------

STATUS

------------------

 1 file

/u01/app/wallet

OPEN

若密码错误则无法关闭钱包

SQL> alter system set encryption wallet close identified by "oracle12";

alter system set encryption wallet close identified by "oracle12"

*

ERROR at line 1:

ORA-28391: cannot close wallet or HSM, password mismatch

SQL> alter system set encryption wallet close identified by "oracle123";关闭钱包

无法看到加密表空间中的表

SQL> select * from hr.t12;

select * from hr.t12

                 *

ERROR at line 1:

ORA-28365: wallet is not open

SQL> alter system set encryption wallet open identified by "oracle123";打开钱包

可以看到加密表空间的表了

SQL> select * from hr.t12;

X

----------------------------------------------------------------------------------------------------

kawashibara

Wallet关闭时修改

SQL> alter system set encryption wallet close identified by "oracle123";

[oracle@oracle01 ~]$ orapki wallet change_pwd -wallet /u01/app/wallet/

Oracle PKI Tool : Version 11.2.0.4.0 - Production

Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:            

New password:

Enter wallet password:            

SQL> alter system set encryption wallet open identified by "oracle123";

alter system set encryption wallet open identified by "oracle123"

*

ERROR at line 1:

ORA-28353: failed to open wallet

SQL> alter system set encryption wallet open identified by "oracle456";

System altered.