技术头条 - 一个快速在微博传播文章的方式     
您现在的位置首页 --> Oracle --> 给你的rman备份集加上密码锁

给你的rman备份集加上密码锁

浏览:1808次  出处信息

   数据的安全越来越重要,不是说你的生产库安全,你的数据就一定安全了,rman备份也是泄露数据的一个重要地方,如果别人拿到了你的备份集,一样等同入侵了你的生产库。为了rman备份的安全,最简单方式就是使用set encryption方式在rman备份过程中设置密码,需要版本为10.2及其以后企业版版,另外如果需要备份到带库只能使用oracle自己的osb(Oracle Secure Backup),注意rman只有backupset可以加密,copy无法进行加密

   数据库版本

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
SQL> select * from v$version;
  
BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
PL/SQL Release 11.2.0.4.0 - Production
CORE    11.2.0.4.0      Production
TNS for Linux: Version 11.2.0.4.0 - Production
NLSRTL Version 11.2.0.4.0 - Production
  
SQL> show parameter compatible
  
NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
compatible                           string      11.2.0.4.0

   支持rman加密算法

?
1
2
3
4
5
6
7
8
SQL> select ALGORITHM_NAME
  from V$RMAN_ENCRYPTION_ALGORITHMS;
  
ALGORITHM_NAME
----------------------------------------------------------------
AES128
AES192
AES256

   调整加密算法

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
RMAN> show  ENCRYPTION ALGORITHM;
  
RMAN configuration parameters for database with db_unique_name ORCL are:
CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default
  
RMAN> CONFIGURE ENCRYPTION ALGORITHM 'AES256';
  
new RMAN configuration parameters:
CONFIGURE ENCRYPTION ALGORITHM 'AES256';
new RMAN configuration parameters are successfully stored
  
RMAN> show ENCRYPTION ALGORITHM;
  
using target database control file instead of recovery catalog
RMAN configuration parameters for database with db_unique_name ORCL are:
CONFIGURE ENCRYPTION ALGORITHM 'AES256';

   创建新测试数据文件

   我们这里测试的是对新创建的5号文件进行加密备份和还原

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
SQL> select name from v$datafile;
  
NAME
--------------------------------------------------------------------------------
/u01/app/oracle/oradata/orcl/system01.dbf
/u01/app/oracle/oradata/orcl/sysaux01.dbf
/u01/app/oracle/oradata/orcl/undotbs01.dbf
/u01/app/oracle/oradata/orcl/users01.dbf
  
SQL> create tablespace rman_xifenfei datafile
  2 '/u01/app/oracle/oradata/orcl/xifenfei01.dbf' size 100M;
  
Tablespace created.
  
SQL> select file#,name from v$datafile;
  
     FILE# NAME
---------- --------------------------------------------------
         1 /u01/app/oracle/oradata/orcl/system01.dbf
         2 /u01/app/oracle/oradata/orcl/sysaux01.dbf
         3 /u01/app/oracle/oradata/orcl/undotbs01.dbf
         4 /u01/app/oracle/oradata/orcl/users01.dbf
         5 /u01/app/oracle/oradata/orcl/xifenfei01.dbf
  
SQL> create table chf.t_xifenfei tablespace rman_xifenfei
  as select * from dba_objects;
  
Table created.
  
SQL> select count(*) from chf.t_xifenfei;
  
  COUNT(*)
----------
     86721

   rman加密备份

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
RMAN> set encryption on identified by 'www.xifenfei.com' only;
  
executing command: SET encryption
  
RMAN> backup datafile 5;
  
Starting backup at 28-JAN-15
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=5 device type=DISK
channel ORA_DISK_1: starting full datafile backup set
channel ORA_DISK_1: specifying datafile(s) in backup set
input datafile file number=00005 name=/u01/app/oracle/oradata/orcl/xifenfei01.dbf
channel ORA_DISK_1: starting piece 1 at 28-JAN-15
channel ORA_DISK_1: finished piece 1 at 28-JAN-15
piece handle=/u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp tag=TAG20150128T230115 comment=NONE
channel ORA_DISK_1: backup set complete, elapsed time: 00:00:01
Finished backup at 28-JAN-15

   准备恢复测试

?
1
2
3
4
5
6
7
RMAN> sql 'alter database datafile 5 offline';
  
sql statement: alter database datafile 5 offline
  
[oracle@localhost ~]$ rm /u01/app/oracle/oradata/orcl/xifenfei01.dbf
[oracle@localhost ~]$ ls /u01/app/oracle/oradata/orcl/xifenfei01.dbf
ls: /u01/app/oracle/oradata/orcl/xifenfei01.dbf: No such file or directory

   rman恢复测试

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
[oracle@localhost ~]$ rman target /
  
Recovery Manager: Release 11.2.0.4.0 - Production on Wed Jan 28 23:02:24 2015
  
Copyright (c) 1982, 2011, Oracle and/or its affiliates.  All rights reserved.
  
connected to target database: ORCL (DBID=1378620768)
  
RMAN> list backup of datafile 5;
  
using target database control file instead of recovery catalog
  
List of Backup Sets
===================
  
  
BS Key  Type LV Size       Device Type Elapsed Time Completion Time
------- ---- -- ---------- ----------- ------------ ---------------
1       Full    10.94M     DISK        00:00:01     28-JAN-15     
        BP Key: 1   Status: AVAILABLE  Compressed: NO  Tag: TAG20150128T230115
        Piece Name: /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp
  List of Datafiles in backup set 1
  File LV Type Ckp SCN    Ckp Time  Name
  ---- -- ---- ---------- --------- ----
  5       Full 54057180   28-JAN-15 /u01/app/oracle/oradata/orcl/xifenfei01.dbf
  
--未输入密码
RMAN> restore datafile 5;
  
Starting restore at 28-JAN-15
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=492 device type=DISK
  
channel ORA_DISK_1: starting datafile backup set restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
channel ORA_DISK_1: restoring datafile 00005 to /u01/app/oracle/oradata/orcl/xifenfei01.dbf
channel ORA_DISK_1: reading from backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 01/28/2015 23:02:52
ORA-19870: error while restoring backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open
  
--设置错误密码
RMAN> SET DECRYPTION IDENTIFIED BY 'www.orasos.com';
  
executing command: SET decryption
  
RMAN> restore datafile 5;
  
Starting restore at 28-JAN-15
using channel ORA_DISK_1
  
channel ORA_DISK_1: starting datafile backup set restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
channel ORA_DISK_1: restoring datafile 00005 to /u01/app/oracle/oradata/orcl/xifenfei01.dbf
channel ORA_DISK_1: reading from backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 01/28/2015 23:03:31
ORA-19870: error while restoring backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open
  
--设置正确密码
RMAN> SET DECRYPTION IDENTIFIED BY 'www.xifenfei.com';
  
executing command: SET decryption
  
RMAN> restore datafile 5;
  
Starting restore at 28-JAN-15
using channel ORA_DISK_1
  
channel ORA_DISK_1: starting datafile backup set restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
channel ORA_DISK_1: restoring datafile 00005 to /u01/app/oracle/oradata/orcl/xifenfei01.dbf
channel ORA_DISK_1: reading from backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp
channel ORA_DISK_1: piece handle=/u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp tag=TAG20150128T230115
channel ORA_DISK_1: restored backup piece 1
channel ORA_DISK_1: restore complete, elapsed time: 00:00:01
Finished restore at 28-JAN-15

   验证数据还原

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
RMAN> recover datafile 5;
  
Starting recover at 28-JAN-15
using target database control file instead of recovery catalog
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=7 device type=DISK
  
starting media recovery
media recovery complete, elapsed time: 00:00:00
  
Finished recover at 28-JAN-15
  
RMAN> sql 'alter database datafile 5 online';
  
sql statement: alter database datafile 5 online
  
RMAN> exit
  
Recovery Manager complete.
[oracle@localhost ~]$ sqlplus / as sysdba
  
SQL*Plus: Release 11.2.0.4.0 Production on Wed Jan 28 23:05:55 2015
  
Copyright (c) 1982, 2013, Oracle.  All rights reserved.
  
  
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
  
SQL> select count(*) from chf.t_xifenfei;
  
  COUNT(*)
----------
     86721

   至此我们可以看到,最简单的rman加密备份和加密恢复测试完成,在使用set encryption加密后,如果不输入或者错误的输入密码无法使用备份集,从而确保了备份集的安全.

建议继续学习:

  1. 无锁消息队列    (阅读:13077)
  2. 并发编程系列之一:锁的意义    (阅读:6164)
  3. 无锁HashMap的原理与实现    (阅读:5594)
  4. 仅仅只备份是不够的    (阅读:5088)
  5. 通过odu验证rman backup对于truncate对象备份处理    (阅读:4963)
  6. MySQL锁管理(并发锁,行锁,表锁,预加锁,全局锁等等)    (阅读:4657)
  7. 使用scp在windows和Linux之间互传文件    (阅读:4323)
  8. rsync自动输入密码实现数据备份    (阅读:4203)
  9. DYNAMO平台的独门绝技: 利用NWR模型与vector clock解决锁问题    (阅读:4059)
  10. 并行编程中的“锁”难题    (阅读:3887)
QQ技术交流群:445447336,欢迎加入!
扫一扫订阅我的微信号:IT技术博客大学习
<< 前一篇:关于oracle ebs系统apps的一些故事
后一篇:在ORACLE 12C RAC中使用in memory特性请注意parallel_degree_policy和parallel_force_local参数 >>
文章信息
© 2009 - 2025 by blogread.cn 微博:@IT技术博客大学习

京ICP备15002552号-1