Home >Database >Mysql Tutorial >GoldenGate的安全配置

GoldenGate的安全配置

WBOY
WBOYOriginal
2016-06-07 15:57:351309browse

在实施GoldenGate的时候,安全这一项往往是被忽视的。但是作为一个完整运行的GoldenGate系统,基本的安全设置还是很有必要的,比

口令加密

3、网络传输加密不能使用

所以通常情况下还是需要自己生成密钥文件。生成密钥文件需要两个步骤:

具体操作如下:

[ggate@ogg_s current]$ ./keygen 128 3

0x345CEB2DA213DC2F75B0514484FCAB42

 

0xD8A1B350AF392A75C52EE540B169B267

 

0x7CE77B73BD5F783A15AD783DDFD6B80C

 

# 将密钥存储到文件中,,一行一个密钥

[ggate@ogg_s current]$ cat ENCKEYS

## Key-name        Key-value

PASSWDKEY          0x345CEB2DA213DC2F75B0514484FCAB42

TRAILKEY          0xD8A1B350AF392A75C52EE540B169B267

TCPIPKEY          0x7CE77B73BD5F783A15AD783DDFD6B80C

配置好密钥文件后,我们就可以对数据库账号的口令进行加密了。

GGSCI (ogg_s) 1> ENCRYPT PASSWORD OGG123 ENCRYPTKEY PASSWDKEY

Encrypted password:  AADAAAAAAAAAAAGASBQGIAYGCFRCWELGFJMHBHHDOHWDWGRBBCKCYFSGGJTEJFFJUBQFKESGNAVBRDTF

Algorithm used:  AES128

GGSCI (ogg_s) 2> ENCRYPT PASSWORD OGG123 ENCRYPTKEY DEFAULT

Using default key...

 

Encrypted password:  AACAAAAAAAAAAAGACARARDMENDJHIIFG

Algorithm used:  BLOWFISH

GGSCI (ogg_s) 3> DBLOGIN USERID OGG, PASSWORD AADAAAAAAAAAAAGASBQGIAYGCFRCWELGFJMHBHHDOHWDWGRBBCKCYFSGGJTEJFFJUBQFKESGNAVBRDTF, ENCRYPTKEY PASSWDKEY

Successfully logged into database.

...

SETENV (Oracle_HOME=/u01/app/oracle/product/11.2.0/db_1)

SETENV (ORACLE_SID=ggtest)

--USERID OGG, PASSWORD OGG123

USERID OGG, PASSWORD AADAAAAAAAAAAAGASBQGIAYGCFRCWELGFJMHBHHDOHWDWGRBBCKCYFSGGJTEJFFJUBQFKESGNAVBRDTF, ENCRYPTKEY PASSWDKEY

EXTTRAIL /data/ggate/dirext/ggtest/ea

...

Trail文件加密

 

如果是加过密的,那数据就是一团乱码了:

GoldenGate的安全配置

GoldenGate的安全配置

...

SETENV (ORACLE_SID=ggtest)

USERID OGG, PASSWORD AADAAAAAAAAAAAGASBQGIAYGCFRCWELGFJMHBHHDOHWDWGRBBCKCYFSGGJTEJFFJUBQFKESGNAVBRDTF, ENCRYPTKEY PASSWDKEY

ENCRYPTTRAIL AES128 KEYNAME TRAILKEY

EXTTRAIL /data/ggate/dirext/jet2/ea

DISCARDFILE /u01/app/oracle/product/ggate/current/dirrpt/EJET2.dsc, APPEND, MEGABYTES 500

FETCHOPTIONS FETCHPKUPDATECOLS

...

...

SHOWSYNTAX

DYNSQL

DBOPTIONS DEFERREFCONST

DECRYPTTRAIL AES128 KEYNAME TRAILKEY

MAP JET2.*, TARGET JET2.*;

...

...

DECRYPTTRAIL AES128 KEYNAME TRAILKEY

RMTHOST ogg_t, MGRPORT 7809

ENCRYPTTRAIL AES128 KEYNAME TRAILKEY

RMTTRAIL /data/ggate/dirrep/jet2/at

...

网络传输加密

...

USERID OGG, PASSWORD AADAAAAAAAAAAAGASBQGIAYGCFRCWELGFJMHBHHDOHWDWGRBBCKCYFSGGJTEJFFJUBQFKESGNAVBRDTF, ENCRYPTKEY PASSWDKEY

RMTHOST ogg_t, MGRPORT 7809, ENCRYPT AES128 KEYNAME TCPIPKEY

RMTTRAIL /data/ggate/dirrep/jet1/at

...

ERROR  OGG-01453  Oracle GoldenGate Capture for Oracle, pjet1.prm:  Database login information not specified in parameter file.

GoldenGate更新丢失问题 

GoldenGate单向表DML同步

Oracle GoldenGate 系列:Extract 进程的恢复原理

Oracle GoldenGate安装配置

Oracle goldengate的OGG-01004 OGG-1296错误

Oracle GoldenGate快速入门教程:基本概念和配置

搭建一个Oracle到Oracle的GoldenGate双向复制环境

本文永久更新链接地址

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:数据库访问技术之JDBCNext article:管理votingdisks