ITPub博客

首页 > 数据库 > Oracle > 关于Transportable模式下能否对导出表空间的dumpfile进行加密的测试

关于Transportable模式下能否对导出表空间的dumpfile进行加密的测试

原创 Oracle 作者:oliseh 时间:2014-10-08 23:43:39 0 删除 编辑

Ttstbs1是一个加密表空间,现在欲将其以transportable方式导出来,并且对生成的dmpfile以加密方式存储,试过了下面三条命令:

expdp scott/abcd_1234@shzwbcv2 directory=hisdmp logfile=exp_ttstab1.log dumpfile=ttstab1.dmp reuse_dumpfiles=yes transport_tablespaces=ttstbs1 encryption=all

ORA-39005: inconsistent arguments

ORA-39032: function ENCRYPTION is not supported in TRANSPORT_TABLESPACES jobs

 

expdp scott/abcd_1234@shzwbcv2 directory=hisdmp logfile=exp_ttstab1.log dumpfile=ttstab1.dmp reuse_dumpfiles=yes transport_tablespaces=ttstbs1 encryption_password=abcd_1234

ORA-39005: inconsistent arguments

ORA-39032: function ENCRYPTION_PASSWORD is not supported in TRANSPORT_TABLESPACES

 

expdp scott/abcd_1234@shzwbcv2 directory=hisdmp logfile=exp_ttstab1.log dumpfile=ttstab1.dmp reuse_dumpfiles=yes transport_tablespaces=ttstbs1 encryption=data_only encryption_mode=transparent

ORA-39005: inconsistent arguments

ORA-39032: function ENCRYPTION is not supported in TRANSPORT_TABLESPACES

 

上面三种方法都会遇到ORA-39005ORA-39032错误,都是因为encryption参数设置的值和transport tablespace类型的导出行为相冲突,其实transportable方式导出的表空间的dump文件里本身就只包含metadata,不包含用户数据(其中第二条命令隐含了encryption=all)

 

--改为如下语句后成功

expdp scott/abcd_1234@shzwbcv2 directory=hisdmp logfile=exp_ttstab1.log dumpfile=ttstab1.dmp reuse_dumpfiles=yes transport_tablespaces=ttstbs1 encryption=metadata_only encryption_mode=transparent

 

上面虽然定义了encryption_mode=transparent,意在通过TDE对导出的dmpfile文件进行加密,结果是否真的加密了,我们进一步测试一下

 

--关闭源库上的encryption Wallet重新进行expdp操作

SQL> Alter system set encryption wallet close identified by "tde_1234";

 

System altered.

 

SQL> select * from v$encryption_wallet;

 

WRL_TYPE

--------------------

WRL_PARAMETER

--------------------------------------------------------------------------------

STATUS

------------------

file

/oradata06/wallet

CLOSED

 

expdp scott/abcd_1234@shzwbcv2 directory=hisdmp logfile=exp_ttstab1.log dumpfile=ttstab1.dmp reuse_dumpfiles=yes transport_tablespaces=ttstbs1 encryption=metadata_only encryption_mode=transparent

 

Processing object type TRANSPORTABLE_EXPORT/PLUGTS_BLK

Processing object type TRANSPORTABLE_EXPORT/TABLE

Processing object type TRANSPORTABLE_EXPORT/POST_INSTANCE/PLUGTS_BLK

Master table "SCOTT"."SYS_EXPORT_TRANSPORTABLE_01" successfully loaded/unloaded

******************************************************************************

Dump file set for SCOTT.SYS_EXPORT_TRANSPORTABLE_01 is:

  /oradata01/hisdmp/monthly/ttstab1.dmp

******************************************************************************

Datafiles required for transportable tablespace TTSTBS1:

  /oradata06/ttstbs1.dbf

Job "SCOTT"."SYS_EXPORT_TRANSPORTABLE_01" successfully completed at 11:45:30

 

可见在wallet close的情况下依然能成功生成dumpfile,说明encryption_mode参数被忽略,dumpfile并没有以加密形式存储,那么是否因为导出的是metadata所以oracle就不对其进行加密了,再接着下一轮的测试:

 

--encryption wallet依然保持close状态

SQL> select * from v$encryption_wallet;

 

WRL_TYPE

--------------------

WRL_PARAMETER

--------------------------------------------------------------------------------

STATUS

------------------

file

/oradata06/wallet

CLOSED

 

--table modeexpdp metadata

expdp scott/abcd_1234@shzwbcv2 directory=hisdmp logfile=exp_s240.log dumpfile=s240.dmp reuse_dumpfiles=yes tables=s240 content=metadata_only encryption=metadata_only encryption_mode=transparent

 

ORA-39002: invalid operation

ORA-39188: unable to encrypt dump file set

ORA-28365: wallet is not open

 

--tablespace modeexpdp metadata

expdp scott/abcd_1234 directory=hisdmp logfile=ttstbs1_con.log dumpfile=ttstbs1_con.dmp tablespaces=ttstbs1 encryption=metadata_only content=metadata_only reuse_dumpfiles=yes  encryption_mode=transparent

 

ORA-39002: invalid operation

ORA-39188: unable to encrypt dump file set

ORA-28365: wallet is not open

 

总结:在我们测试的三种expdp模式(tablespace modetable modetransportable mode)里导出的都是仅包含metadatadumpfile,其中tablespace modetable mode里如果需要对dumpfile使用TDE进行加密,都要求encryption wallet处于open状态,可以推断,这两种模式下如果encryption Wallet open,生成的dmpfile的确能够以加密形式存储。而transportable modeencryption相关的参数被忽略,说明transportable mode下生成的dumpfile都是明文存放的,无法实现加密。但是查阅了官方的相关文档都没有明确提到这点,在此加以记录

来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/53956/viewspace-1292301/,如需转载,请注明出处,否则将追究法律责任。

请登录后发表评论 登录
全部评论
不仅仅专注Oracle database技术, member of SHOUG

注册时间:2014-04-06

  • 博文量
    128
  • 访问量
    1617266