oracle中rman备份集加密的方法

 下面我们来看看一个oracle中rman备份集加密的方法,希望这个例子能帮助到各位朋友了.

 

数据的安全越来越重要,不是说你的生产库安全,你的数据就一定安全了,rman备份也是泄露数据的一个重要地方,如果别人拿到了你的备份集,一样等同入侵了你的生产库。为了rman备份的安全,最简单方式就是使用set encryption方式在rman备份过程中设置密码,需要版本为10.2及其以后企业版版,另外如果需要备份到带库只能使用oracle自己的osb(Oracle Secure Backup),注意rman只有backupset可以加密,copy无法进行加密
数据库版本

SQL> select * from v$version;

BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
PL/SQL Release 11.2.0.4.0 - Production
CORE    11.2.0.4.0      Production
TNS for Linux: Version 11.2.0.4.0 - Production
NLSRTL Version 11.2.0.4.0 - Production

SQL> show parameter compatible

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
compatible                           string      11.2.0.4.0

支持rman加密算法

SQL> select ALGORITHM_NAME
  2  from V$RMAN_ENCRYPTION_ALGORITHMS;

ALGORITHM_NAME
----------------------------------------------------------------
AES128
AES192
AES256

调整加密算法

RMAN> show  ENCRYPTION ALGORITHM;

RMAN configuration parameters for database with db_unique_name ORCL are:
CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default

RMAN> CONFIGURE ENCRYPTION ALGORITHM 'AES256';

new RMAN configuration parameters:
CONFIGURE ENCRYPTION ALGORITHM 'AES256';
new RMAN configuration parameters are successfully stored

RMAN> show ENCRYPTION ALGORITHM;

using target database control file instead of recovery catalog
RMAN configuration parameters for database with db_unique_name ORCL are:
CONFIGURE ENCRYPTION ALGORITHM 'AES256';

创建新测试数据文件

我们这里测试的是对新创建的5号文件进行加密备份和还原
SQL> select name from v$datafile;

NAME
--------------------------------------------------------------------------------
/u01/app/oracle/oradata/orcl/system01.dbf
/u01/app/oracle/oradata/orcl/sysaux01.dbf
/u01/app/oracle/oradata/orcl/undotbs01.dbf
/u01/app/oracle/oradata/orcl/users01.dbf

SQL> create tablespace rman_xifenfei datafile 
  2 '/u01/app/oracle/oradata/orcl/xifenfei01.dbf' size 100M;

Tablespace created.

SQL> select file#,name from v$datafile;

     FILE# NAME
---------- --------------------------------------------------
         1 /u01/app/oracle/oradata/orcl/system01.dbf
         2 /u01/app/oracle/oradata/orcl/sysaux01.dbf
         3 /u01/app/oracle/oradata/orcl/undotbs01.dbf
         4 /u01/app/oracle/oradata/orcl/users01.dbf
         5 /u01/app/oracle/oradata/orcl/xifenfei01.dbf

SQL> create table chf.t_xifenfei tablespace rman_xifenfei 
  2  as select * from dba_objects;

Table created.

SQL> select count(*) from chf.t_xifenfei;

  COUNT(*)
----------
     86721

rman加密备份

RMAN> set encryption on identified by 'www.111cn.net' only;

executing command: SET encryption

RMAN> backup datafile 5;

Starting backup at 28-JAN-15
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=5 device type=DISK
channel ORA_DISK_1: starting full datafile backup set
channel ORA_DISK_1: specifying datafile(s) in backup set
input datafile file number=00005 name=/u01/app/oracle/oradata/orcl/xifenfei01.dbf
channel ORA_DISK_1: starting piece 1 at 28-JAN-15
channel ORA_DISK_1: finished piece 1 at 28-JAN-15
piece handle=/u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp tag=TAG20150128T230115 comment=NONE
channel ORA_DISK_1: backup set complete, elapsed time: 00:00:01
Finished backup at 28-JAN-15

准备恢复测试

RMAN> sql 'alter database datafile 5 offline';

sql statement: alter database datafile 5 offline

[oracle@localhost ~]$ rm /u01/app/oracle/oradata/orcl/xifenfei01.dbf
[oracle@localhost ~]$ ls /u01/app/oracle/oradata/orcl/xifenfei01.dbf
ls: /u01/app/oracle/oradata/orcl/xifenfei01.dbf: No such file or directory

rman恢复测试

[oracle@localhost ~]$ rman target /

Recovery Manager: Release 11.2.0.4.0 - Production on Wed Jan 28 23:02:24 2015

Copyright (c) 1982, 2011, Oracle and/or its affiliates.  All rights reserved.

connected to target database: ORCL (DBID=1378620768)

RMAN> list backup of datafile 5;

using target database control file instead of recovery catalog

List of Backup Sets
===================

BS Key  Type LV Size       Device Type Elapsed Time Completion Time
------- ---- -- ---------- ----------- ------------ ---------------
1       Full    10.94M     DISK        00:00:01     28-JAN-15      
        BP Key: 1   Status: AVAILABLE  Compressed: NO  Tag: TAG20150128T230115
        Piece Name: /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp
  List of Datafiles in backup set 1
  File LV Type Ckp SCN    Ckp Time  Name
  ---- -- ---- ---------- --------- ----
  5       Full 54057180   28-JAN-15 /u01/app/oracle/oradata/orcl/xifenfei01.dbf

--未输入密码

RMAN> restore datafile 5;

Starting restore at 28-JAN-15
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=492 device type=DISK

channel ORA_DISK_1: starting datafile backup set restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
channel ORA_DISK_1: restoring datafile 00005 to /u01/app/oracle/oradata/orcl/xifenfei01.dbf
channel ORA_DISK_1: reading from backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 01/28/2015 23:02:52
ORA-19870: error while restoring backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open

--设置错误密码

RMAN> SET DECRYPTION IDENTIFIED BY 'www.orasos.com';

executing command: SET decryption

RMAN> restore datafile 5;

Starting restore at 28-JAN-15
using channel ORA_DISK_1

channel ORA_DISK_1: starting datafile backup set restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
channel ORA_DISK_1: restoring datafile 00005 to /u01/app/oracle/oradata/orcl/xifenfei01.dbf
channel ORA_DISK_1: reading from backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 01/28/2015 23:03:31
ORA-19870: error while restoring backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open

--设置正确密码

RMAN> SET DECRYPTION IDENTIFIED BY 'www.111cn.net';

executing command: SET decryption

RMAN> restore datafile 5;

Starting restore at 28-JAN-15
using channel ORA_DISK_1

channel ORA_DISK_1: starting datafile backup set restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
channel ORA_DISK_1: restoring datafile 00005 to /u01/app/oracle/oradata/orcl/xifenfei01.dbf
channel ORA_DISK_1: reading from backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp
channel ORA_DISK_1: piece handle=/u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp tag=TAG20150128T230115
channel ORA_DISK_1: restored backup piece 1
channel ORA_DISK_1: restore complete, elapsed time: 00:00:01
Finished restore at 28-JAN-15
验证数据还原
RMAN> recover datafile 5;

Starting recover at 28-JAN-15
using target database control file instead of recovery catalog
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=7 device type=DISK

starting media recovery
media recovery complete, elapsed time: 00:00:00

Finished recover at 28-JAN-15

RMAN> sql 'alter database datafile 5 online';

sql statement: alter database datafile 5 online

RMAN> exit

Recovery Manager complete.
[oracle@localhost ~]$ sqlplus / as sysdba

SQL*Plus: Release 11.2.0.4.0 Production on Wed Jan 28 23:05:55 2015

Copyright (c) 1982, 2013, Oracle.  All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL> select count(*) from chf.t_xifenfei;

  COUNT(*)
----------
     86721

至此我们可以看到,最简单的rman加密备份和加密恢复测试完成,在使用set encryption加密后,如果不输入或者错误的输入密码无法使用备份集,从而确保了备份集的安全.

时间: 2024-09-11 15:18:58

oracle中rman备份集加密的方法的相关文章

oracle中RMAN备份和检查逻辑坏块

1. RMAN备份时是默认检查物理坏块. 2. 如果要检查逻辑坏块,可以用如下语句: $ rman target / RMAN> backup check logical validate database; 注上述语句,只是检查,不会备份的. 3. 如果要在备份的同时,进行逻辑坏块检查,可以用: $ rman target / RMAN> backup check logical database; 4.如果发现坏逻辑如何处理,下面补充一篇教程. 利用RMAN检测数据库坏块的脚本 虽然我们也

在win7系统电脑中导出/备份注册表的方法

  在win7系统电脑中导出/备份注册表的方法 1.点击开始菜单,在搜索框中输入"regedit" 按下回车键即可打开"注册表"; 2.在注册表中找到要备份的项或子项,并选中,如果备份整个注册表则无需选取任何项; 3.点击"文件 - 导出"; 4.选择好需要保存的位置,然后被备份文件起个名,如"bak"点击保存即可; 5.保存后我们可以在对应的路径中看到.reg的备份文件,只需双击可以还原注册表设置.

在JSP中如何实现MD5加密的方法_javascript技巧

在各种应用系统的开发中,经常需要存储用户信息,很多地方都要存储用户密码,而将用户密码直接存储在服务器上显然是不安全的,本文简要介绍在JSP中如何实现MD5加密的方法,希望能抛砖引玉. (一)消息摘要简介 一个消息摘要就是一个数据块的数字指纹.即对一个任意长度的一个数据块进行计算,产生一个唯一指印(对于SHA1是产生一个20字节的二进制数组).消息摘要是一种与消息认证码结合使用以确保消息完整性的技术.主要使用单向散列函数算法,可用于检验消息的完整性,和通过散列密码直接以文本形式保存等,目前广泛使用

oracle归档模式下的Rman备份集在异机恢复简介

环境: OS:Red Hat Linux As 5 DB:10.2.0.4 有些时候因为测试环境需要,我们需要使用生产库的备份集在另外一台新的机器上做恢复(前提是新机器事先安装Oracle软件,版本跟原库一致),下面是恢复过程. 1.在原库上做全备(在原库上操作) run{ allocate channel c1 device type disk; allocate channel c2 device type disk; backup format '/u02/rman_backup/full

win中oracle实现rman备份和删除dg备库归档日志脚本

总觉得使用windows跑oracle是不靠谱的事情,可以这个世界上总有很多人喜欢做类似这样的事情,对于数据库比较常见的两件事情:rman和删除dg备库归档日志,在linux/unix平台上使用shell实现很简单,可是跑到win里面,就变的烦了,不是因为其麻烦,而是因为用的人少,不知道怎么下手处理该事情,我编写了简单的实现初级功能的win下面rman备份和删除备库归档日志脚本,供大家参考,也更加欢迎朋友提出来更加好的处理方法(win是真心的不懂) rman备份脚本  代码如下 复制代码 --b

oracle的Rman备份恢复命令详解

一.backup操作 备机集 1.设置备份标记 backup database tag='full_bak1′; 注:每个标记必须唯一,相同的标记可以用于多个备份只还原最新的备份. 2.设置备份集大小(一次备份的所有结果为一个备份集,要注意备份集大小) backup database maxsetsize=100m tag='datafile1′; 注:maxsetsize限定备份集的大小.所以必须大于数据库总数据文件的大小,否则会报错. RMAN-06183: datafile or data

Oracle数据库rman备份计划及恢复

原文:http://www.cnblogs.com/vijayfly/p/5045175.html 1.rman完全恢复的前提条件:历史的datafile,controlfile和spfile备份,加上完整的archivelog和完好的redolog. 2.rman备份脚本: a.RMAN 0级备份命令: run{ allocate channel c1 type disk; allocate channel c2 type disk; allocate channel c3 type disk

ORACLE中实现SELECT TOP N的方法

1.在ORACLE中实现SELECT TOP N 由于ORACLE不支持SELECT TOP语句,所以在ORACLE中经常是用ORDER BY跟ROWNUM的组合来实现SELECT TOP N的查询. 简单地说,实现方法如下所示: SELECT 列名1...列名n FROM (SELECT 列名1...列名n FROM 表名 ORDER BY 列名1...列名n) WHERE ROWNUM <= N(抽出记录数) ORDER BY ROWNUM ASC 下面举个例子简单说明一下. 顾客表cust

oracle中去掉回车换行空格的方法详解_oracle

去除换行update zhzl_address t set t.add_administration_num=replace(t.add_administration_num,chr(10),'');去掉回车update zhzl_address t set t.add_administration_num=replace(t.add_administration_num,chr(13),'');去掉空格update zhzl_address t set t.add_administration