欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  数据库

GoldenGate的安全配置

程序员文章站 2022-05-18 16:15:15
...

在实施GoldenGate的时候,安全这一项往往是被忽视的。但是作为一个完整运行的GoldenGate系统,基本的安全设置还是很有必要的,比

口令加密

3、网络传输加密不能使用

所以通常情况下还是需要自己生成密钥文件。生成密钥文件需要两个步骤:

具体操作如下:

[ggate@ogg_s current]$ ./keygen 128 3

0x345CEB2DA213DC2F75B0514484FCAB42

0xD8A1B350AF392A75C52EE540B169B267

0x7CE77B73BD5F783A15AD783DDFD6B80C

# 将密钥存储到文件中,,一行一个密钥

[ggate@ogg_s current]$ cat ENCKEYS

## Key-name Key-value

PASSWDKEY 0x345CEB2DA213DC2F75B0514484FCAB42

TRAILKEY 0xD8A1B350AF392A75C52EE540B169B267

TCPIPKEY 0x7CE77B73BD5F783A15AD783DDFD6B80C

配置好密钥文件后,我们就可以对数据库账号的口令进行加密了。

GGSCI (ogg_s) 1> ENCRYPT PASSWORD OGG123 ENCRYPTKEY PASSWDKEY

Encrypted password: AADAAAAAAAAAAAGASBQGIAYGCFRCWELGFJMHBHHDOHWDWGRBBCKCYFSGGJTEJFFJUBQFKESGNAVBRDTF

Algorithm used: AES128

GGSCI (ogg_s) 2> ENCRYPT PASSWORD OGG123 ENCRYPTKEY DEFAULT

Using default key...

Encrypted password: AACAAAAAAAAAAAGACARARDMENDJHIIFG

Algorithm used: BLOWFISH

GGSCI (ogg_s) 3> DBLOGIN USERID OGG, PASSWORD AADAAAAAAAAAAAGASBQGIAYGCFRCWELGFJMHBHHDOHWDWGRBBCKCYFSGGJTEJFFJUBQFKESGNAVBRDTF, ENCRYPTKEY PASSWDKEY

Successfully logged into database.

...

SETENV (Oracle_HOME=/u01/app/oracle/product/11.2.0/db_1)

SETENV (ORACLE_SID=ggtest)

--USERID OGG, PASSWORD OGG123

USERID OGG, PASSWORD AADAAAAAAAAAAAGASBQGIAYGCFRCWELGFJMHBHHDOHWDWGRBBCKCYFSGGJTEJFFJUBQFKESGNAVBRDTF, ENCRYPTKEY PASSWDKEY

EXTTRAIL /data/ggate/dirext/ggtest/ea

...

Trail文件加密

如果是加过密的,那数据就是一团乱码了:

GoldenGate的安全配置

GoldenGate的安全配置

...

SETENV (ORACLE_SID=ggtest)

USERID OGG, PASSWORD AADAAAAAAAAAAAGASBQGIAYGCFRCWELGFJMHBHHDOHWDWGRBBCKCYFSGGJTEJFFJUBQFKESGNAVBRDTF, ENCRYPTKEY PASSWDKEY

ENCRYPTTRAIL AES128 KEYNAME TRAILKEY

EXTTRAIL /data/ggate/dirext/jet2/ea

DISCARDFILE /u01/app/oracle/product/ggate/current/dirrpt/EJET2.dsc, APPEND, MEGABYTES 500

FETCHOPTIONS FETCHPKUPDATECOLS

...

...

SHOWSYNTAX

DYNSQL

DBOPTIONS DEFERREFCONST

DECRYPTTRAIL AES128 KEYNAME TRAILKEY

MAP JET2.*, TARGET JET2.*;

...

...

DECRYPTTRAIL AES128 KEYNAME TRAILKEY

RMTHOST ogg_t, MGRPORT 7809

ENCRYPTTRAIL AES128 KEYNAME TRAILKEY

RMTTRAIL /data/ggate/dirrep/jet2/at

...

网络传输加密

...

USERID OGG, PASSWORD AADAAAAAAAAAAAGASBQGIAYGCFRCWELGFJMHBHHDOHWDWGRBBCKCYFSGGJTEJFFJUBQFKESGNAVBRDTF, ENCRYPTKEY PASSWDKEY

RMTHOST ogg_t, MGRPORT 7809, ENCRYPT AES128 KEYNAME TCPIPKEY

RMTTRAIL /data/ggate/dirrep/jet1/at

...

ERROR OGG-01453 Oracle GoldenGate Capture for Oracle, pjet1.prm: Database login information not specified in parameter file.

GoldenGate更新丢失问题

GoldenGate单向表DML同步

Oracle GoldenGate 系列:Extract 进程的恢复原理

Oracle GoldenGate安装配置

Oracle goldengate的OGG-01004 OGG-1296错误

Oracle GoldenGate快速入门教程:基本概念和配置

搭建一个Oracle到Oracle的GoldenGate双向复制环境