Ttstbs1是一个加密表空间,现在欲将其以transportable方式导出来,并且对生成的dmpfile以加密方式存储,试过了下面三条命令:
expdp scott/abcd_1234@shzwbcv2 directory=hisdmp logfile=exp_ttstab1.log dumpfile=ttstab1.dmp reuse_dumpfiles=yes transport_tablespaces=ttstbs1 encryption=all
ORA-39005: inconsistent arguments
ORA-39032: function ENCRYPTION is not supported in TRANSPORT_TABLESPACES jobs
expdp scott/abcd_1234@shzwbcv2 directory=hisdmp logfile=exp_ttstab1.log dumpfile=ttstab1.dmp reuse_dumpfiles=yes transport_tablespaces=ttstbs1 encryption_password=abcd_1234
ORA-39005: inconsistent arguments
ORA-39032: function ENCRYPTION_PASSWORD is not supported in TRANSPORT_TABLESPACES
expdp scott/abcd_1234@shzwbcv2 directory=hisdmp logfile=exp_ttstab1.log dumpfile=ttstab1.dmp reuse_dumpfiles=yes transport_tablespaces=ttstbs1 encryption=data_only encryption_mode=transparent
ORA-39005: inconsistent arguments
ORA-39032: function ENCRYPTION is not supported in TRANSPORT_TABLESPACES
上面三种方法都会遇到ORA-39005、ORA-39032错误,都是因为encryption参数设置的值和transport tablespace类型的导出行为相冲突,其实transportable方式导出的表空间的dump文件里本身就只包含metadata,不包含用户数据(其中第二条命令隐含了encryption=all)
--改为如下语句后成功
expdp scott/abcd_1234@shzwbcv2 directory=hisdmp logfile=exp_ttstab1.log dumpfile=ttstab1.dmp reuse_dumpfiles=yes transport_tablespaces=ttstbs1 encryption=metadata_only encryption_mode=transparent
上面虽然定义了encryption_mode=transparent,意在通过TDE对导出的dmpfile文件进行加密,结果是否真的加密了,我们进一步测试一下
--关闭源库上的encryption Wallet重新进行expdp操作
SQL> Alter system set encryption wallet close identified by "tde_1234";
System altered.
SQL> select * from v$encryption_wallet;
WRL_TYPE
--------------------
WRL_PARAMETER
--------------------------------------------------------------------------------
STATUS
------------------
file
/oradata06/wallet
CLOSED
expdp scott/abcd_1234@shzwbcv2 directory=hisdmp logfile=exp_ttstab1.log dumpfile=ttstab1.dmp reuse_dumpfiles=yes transport_tablespaces=ttstbs1 encryption=metadata_only encryption_mode=transparent
Processing object type TRANSPORTABLE_EXPORT/PLUGTS_BLK
Processing object type TRANSPORTABLE_EXPORT/TABLE
Processing object type TRANSPORTABLE_EXPORT/POST_INSTANCE/PLUGTS_BLK
Master table "SCOTT"."SYS_EXPORT_TRANSPORTABLE_01" successfully loaded/unloaded
******************************************************************************
Dump file set for SCOTT.SYS_EXPORT_TRANSPORTABLE_01 is:
/oradata01/hisdmp/monthly/ttstab1.dmp
******************************************************************************
Datafiles required for transportable tablespace TTSTBS1:
/oradata06/ttstbs1.dbf
Job "SCOTT"."SYS_EXPORT_TRANSPORTABLE_01" successfully completed at 11:45:30
可见在wallet close的情况下依然能成功生成dumpfile,说明encryption_mode参数被忽略,dumpfile并没有以加密形式存储,那么是否因为导出的是metadata所以oracle就不对其进行加密了,再接着下一轮的测试:
--encryption wallet依然保持close状态
SQL> select * from v$encryption_wallet;
WRL_TYPE
--------------------
WRL_PARAMETER
--------------------------------------------------------------------------------
STATUS
------------------
file
/oradata06/wallet
CLOSED
--在table mode下expdp metadata
expdp scott/abcd_1234@shzwbcv2 directory=hisdmp logfile=exp_s240.log dumpfile=s240.dmp reuse_dumpfiles=yes tables=s240 content=metadata_only encryption=metadata_only encryption_mode=transparent
ORA-39002: invalid operation
ORA-39188: unable to encrypt dump file set
ORA-28365: wallet is not open
--在tablespace mode下expdp metadata
expdp scott/abcd_1234 directory=hisdmp logfile=ttstbs1_con.log dumpfile=ttstbs1_con.dmp tablespaces=ttstbs1 encryption=metadata_only content=metadata_only reuse_dumpfiles=yes encryption_mode=transparent
ORA-39002: invalid operation
ORA-39188: unable to encrypt dump file set
ORA-28365: wallet is not open
总结:在我们测试的三种expdp模式(tablespace mode、table mode、transportable mode)里导出的都是仅包含metadata的dumpfile,其中tablespace mode和table mode里如果需要对dumpfile使用TDE进行加密,都要求encryption wallet处于open状态,可以推断,这两种模式下如果encryption Wallet open,生成的dmpfile的确能够以加密形式存储。而transportable mode下encryption相关的参数被忽略,说明transportable mode下生成的dumpfile都是明文存放的,无法实现加密。但是查阅了官方的相关文档都没有明确提到这点,在此加以记录
来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/53956/viewspace-1292301/,如需转载,请注明出处,否则将追究法律责任。
