TAILIEUCHUNG - Applied Oracle Security: Developing Secure Database and Middleware Environments- P7
Applied Oracle Security: Developing Secure Database and Middleware Environments- P7:Computer security is a field of study that continues to undergo significant changes at an extremely fast pace. As a result of research combined with increases in computing capacity, computer security has reached what many consider to be “early adulthood.” From advances in encryption and encryption devices to identity management and enterprise auditing, the computer security field is as vast and complex as it is sophisticated and powerful | 34 Part I Oracle Database Security New Features TDE Setup Oracle 10g TDE does require a small amount of configuration. The setup basically centers on creating the facilities for the key management. TDE uses the Oracle Wallet Manager to maintain encryption keys. You can think of the Oracle Wallet as secure container used to store authentication and signing credentials. These credentials may take the form of certificates needed for Secure Sockets Layer SSL Public Key Infrastructure PKI private keys or a TDE Master Key. When the wallet is used to store the TDE Master Key it s called an encryption wallet. A user with the ALTER SYSTEM privilege must create this wallet. Then you will find it as a file in one of three locations as specified by the ENCRYPTION_WALLET_LOCATION in the file. If this is not specified the wallet creating process will look next to the WALLET_LOCATION parameter in and lastly to the default location ORACLfBASf admin S D wallet . When first configuring TDE you must specify a value for the ENCRYPTION_WALLET_ LOCATION parameter which lives in the file here s an example ENCRYPTION_WALLET_LOCATION SOURCE METHOD FILE METHOD_DATA DIRECTORY c ORACLEBASE admin SID wallet Later we will discuss the options regarding the security functionality and location of the wallet for now assume the simple case it exists on the filesystem of our database server in the directory specified earlier. After including the ENCRYPTION_WALLET_LOCATION in the file you can create the wallet and populate it with a generated Master key. You will need the ALTER SYSTEM privilege to issue the following security_manager@AOS alter system set key identified by AppliedOracleSecurity This command does two things. It physically creates the file that holds the Oracle Wallet used for TDE and it generates a Master Key that is then stored in the wallet. The wallet itself can be in one of two states open or closed. The open state means the .
đang nạp các trang xem trước