Oracle Wallet初探

1.  什么是Wallet

A datastructure used to store and manage security credentials for an individualentity.

从Oracle10gR2开始, 通过使用Oracle Wallet达到用户不使用密码登录数据库(非操作系统认证方式),这对于用脚本登录数据库进行操作来说是非常有用的；尤其对于企业安全要求很高，不希望用户名和密码明文存在配置文件中，而且对于密码的维护是极为方便的，比如我把wallet放在指定路径下，当修改密码时，只需统一覆盖wallet即可，对于有大量应用服务器尤为方便。

2.  Wallet的创建和管理

1.创建wallet

[oracle@daidai ~]$ mkdir -p/tmp/test_wallet

[oracle@daidai ~]$ mkstore-wrl /tmp/test_wallet –create

[oracle@daidai ~]$ cd /tmp/test_wallet/

[oracle@daidai test_wallet]$ ls

cwallet.sso  ewallet.p12

配置连接串tnsnames.ora

WALLET_OCP11G =

 (DESCRIPTION =

   (ADDRESS = (PROTOCOL = TCP)(HOST = daidai.com)(PORT = 1522))

   (CONNECT_DATA =

     (SERVER = DEDICATED)

     (SERVICE_NAME = ocp11g)

    )

  )

配置sqlnet.ora

WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/tmp/test_wallet)))

SQLNET.WALLET_OVERRIDE = TRUE

把登入数据库的用户认证信息添加到wallet中

[oracle@daidai ~]$ mkstore --help

Oracle Secret Store Tool : Version11.2.0.4.0 - Production

Copyright (c) 2004, 2013, Oracle and/or itsaffiliates. All rights reserved.

No wallet location specified.

mkstore [-wrl wrl] [-create] [-createSSO][-createLSSO] [-createALO] [-delete] [-deleteSSO] [-list] [-createEntry aliassecret] [-viewEntry alias] [-modifyEntry alias secret] [-deleteEntry alias] [-createCredential connect_string username password][-listCredential] [-modifyCredential connect_string username password][-deleteCredential connect_string] [-help] [-nologo]

[oracle@daidai ~]$ mkstore-wrl /tmp/test_wallet -createCredential wallet_ocp11g daidai love8013

Oracle Secret Store Tool : Version11.2.0.4.0 - Production

Copyright (c) 2004, 2013, Oracle and/or itsaffiliates. All rights reserved.

Enter wallet password:l         3

Create credential oracle.security.client.connect_string1

测试连接

至此，就可以使用wallet连接

[oracle@daidai ~]$ sqlplus/@wallet_ocp11g

SQL*Plus: Release 11.2.0.4.0 Production onTue Jun 14 14:47:49 2016

Copyright (c) 1982, 2013, Oracle.  All rights reserved.

Connected to:

Oracle Database 11g Enterprise EditionRelease 11.2.0.4.0 - 64bit Production

With the Partitioning, OLAP, Data Miningand Real Application Testing options

SQL>

2.管理wallet

管理wallet同样适用mkstore命令

查看Credential

[oracle@daidai ~]$ mkstore-wrl /tmp/test_wallet -listCredential

Oracle Secret Store Tool : Version11.2.0.4.0 - Production

Copyright (c) 2004, 2013, Oracle and/or itsaffiliates. All rights reserved.

Enter wallet password:love801   3

List credential (index: connect_stringusername)

1: wallet_ocp11g daidai

修改wallet中用户密码

[oracle@daidai ~]$ mkstore-wrl /tmp/test_wallet -modifyCredential wallet_ocp11g daidai love8014

Oracle Secret Store Tool : Version11.2.0.4.0 - Production

Copyright (c) 2004, 2013, Oracle and/or itsaffiliates. All rights reserved.

Enter wallet password:love80    

Modify credential

Modify 1

[oracle@daidai ~]$ sqlplus @/wallet_ocp11g

SQL*Plus: Release 11.2.0.4.0 Production onTue Jun 14 14:58:35 2016

Copyright (c) 1982, 2013, Oracle.  All rights reserved.

SP2-0310: unable to openfile "/wallet_ocp11g.sql"

Enter user-name: daidai

Enter password:--此处输入正确密码则进入，错误密码则不进入

删除wallet的用户认证信息

[oracle@daidai ~]$ mkstore -wrl/tmp/test_wallet -listCredential

Oracle Secret Store Tool : Version11.2.0.4.0 - Production

Copyright (c) 2004, 2013, Oracle and/or itsaffiliates. All rights reserved.

Enter wallet password:lov   e8  

List credential (index: connect_stringusername)

1: wallet_ocp11g daidai

[oracle@daidai ~]$ mkstore-wrl /tmp/test_wallet -deleteCredential wallet_ocp11g

Oracle Secret Store Tool : Version11.2.0.4.0 - Production

Copyright (c) 2004, 2013, Oracle and/or itsaffiliates. All rights reserved.

Enter wallet password: ove801   3

Delete credential

Delete 1

查看wallet详细认证信息

[oracle@daidai ~]$ mkstore-wrl /tmp/test_wallet -list

Oracle Secret Store Tool : Version11.2.0.4.0 - Production

Copyright (c) 2004, 2013, Oracle and/or itsaffiliates. All rights reserved.

Enter wallet password:l  e8  013

Oracle Secret Store entries:

oracle.security.client.connect_string1

oracle.security.client.password1

oracle.security.client.username1

[oracle@daidai ~]$mkstore-wrl /tmp/test_wallet -viewEntry oracle.security.client.connect_string1

Oracle Secret Store Tool : Version11.2.0.4.0 - Production

Copyright (c) 2004, 2013, Oracle and/or itsaffiliates. All rights reserved.

Enter wallet password:lo   ve8  

oracle.security.client.connect_string1 =wallet_ocp11g

更改wallet里用户认证信息的内容

mkstore -wrl /tmp/test_wallet -modifyEntry oracle.security.client.password1skatepwd1

mkstore -wrl /tmp/test_wallet -modifyEntry oracle.security.client.username1skate1

3.  迁移linux wallet至window 7

1. 按照linux中的样式修改tnsname.ora[IP & port]和sqlnet.ora[walletpath]，注意测试连通性

2. mkstore -wrl e:/test_wallet –create

3. 拷贝出linux中wallet文件覆盖windows中的wallet文件

windows迁移至linux，我没有测试。