下面我們來(lái)看看一個(gè)oracle中rman備份集加密的方法，希望這個(gè)例子能幫助到各位朋友了．

數(shù)據(jù)的安全越來(lái)越重要,不是說(shuō)你的生產(chǎn)庫(kù)安全，你的數(shù)據(jù)就一定安全了，rman備份也是泄露數(shù)據(jù)的一個(gè)重要地方,如果別人拿到了你的備份集,一樣等同入侵了你的生產(chǎn)庫(kù)。為了rman備份的安全，最簡(jiǎn)單方式就是使用set encryption方式在rman備份過程中設(shè)置密碼,需要版本為10.2及其以后企業(yè)版版,另外如果需要備份到帶庫(kù)只能使用oracle自己的osb(Oracle Secure Backup),注意rman只有backupset可以加密,copy無(wú)法進(jìn)行加密

數(shù)據(jù)庫(kù)版本

SQL> select * from v$version;

BANNER

--------------------------------------------------------------------------------

Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production

PL/SQL Release 11.2.0.4.0 - Production

CORE 11.2.0.4.0 Production

TNS for Linux: Version 11.2.0.4.0 - Production

NLSRTL Version 11.2.0.4.0 - Production

SQL> show parameter compatible

NAME TYPE VALUE

------------------------------------ ----------- ------------------------------

compatible string 11.2.0.4.0

支持rman加密算法

SQL> select ALGORITHM_NAME

2 from V$RMAN_ENCRYPTION_ALGORITHMS;

ALGORITHM_NAME

----------------------------------------------------------------

AES128

AES192

AES256

調(diào)整加密算法

RMAN> show ENCRYPTION ALGORITHM;

RMAN configuration parameters for database with db_unique_name ORCL are:

CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default

RMAN> CONFIGURE ENCRYPTION ALGORITHM 'AES256';

new RMAN configuration parameters:

CONFIGURE ENCRYPTION ALGORITHM 'AES256';

new RMAN configuration parameters are successfully stored

RMAN> show ENCRYPTION ALGORITHM;

using target database control file instead of recovery catalog

RMAN configuration parameters for database with db_unique_name ORCL are:

CONFIGURE ENCRYPTION ALGORITHM 'AES256';

創(chuàng)建新測(cè)試數(shù)據(jù)文件

我們這里測(cè)試的是對(duì)新創(chuàng)建的5號(hào)文件進(jìn)行加密備份和還原

SQL> select name from v$datafile;

NAME

--------------------------------------------------------------------------------

/u01/app/oracle/oradata/orcl/system01.dbf

/u01/app/oracle/oradata/orcl/sysaux01.dbf

/u01/app/oracle/oradata/orcl/undotbs01.dbf

/u01/app/oracle/oradata/orcl/users01.dbf

SQL> create tablespace rman_xifenfei datafile

2 '/u01/app/oracle/oradata/orcl/xifenfei01.dbf' size 100M;

Tablespace created.

SQL> select file#,name from v$datafile;

FILE# NAME

---------- --------------------------------------------------

1 /u01/app/oracle/oradata/orcl/system01.dbf

2 /u01/app/oracle/oradata/orcl/sysaux01.dbf

3 /u01/app/oracle/oradata/orcl/undotbs01.dbf

4 /u01/app/oracle/oradata/orcl/users01.dbf

5 /u01/app/oracle/oradata/orcl/xifenfei01.dbf

SQL> create table chf.t_xifenfei tablespace rman_xifenfei

2 as select * from dba_objects;

Table created.

SQL> select count(*) from chf.t_xifenfei;

COUNT(*)

----------

86721

rman加密備份

RMAN> set encryption on identified by 'www.111cn.net' only;

executing command: SET encryption

RMAN> backup datafile 5;

Starting backup at 28-JAN-15

allocated channel: ORA_DISK_1

channel ORA_DISK_1: SID=5 device type=DISK

channel ORA_DISK_1: starting full datafile backup set

channel ORA_DISK_1: specifying datafile(s) in backup set

input datafile file number=00005 name=/u01/app/oracle/oradata/orcl/xifenfei01.dbf

channel ORA_DISK_1: starting piece 1 at 28-JAN-15

channel ORA_DISK_1: finished piece 1 at 28-JAN-15

piece handle=/u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp tag=TAG20150128T230115 comment=NONE

channel ORA_DISK_1: backup set complete, elapsed time: 00:00:01

Finished backup at 28-JAN-15

準(zhǔn)備恢復(fù)測(cè)試

RMAN> sql 'alter database datafile 5 offline';

sql statement: alter database datafile 5 offline

[oracle@localhost ~]$ rm /u01/app/oracle/oradata/orcl/xifenfei01.dbf

[oracle@localhost ~]$ ls /u01/app/oracle/oradata/orcl/xifenfei01.dbf

ls: /u01/app/oracle/oradata/orcl/xifenfei01.dbf: No such file or directory

rman恢復(fù)測(cè)試

[oracle@localhost ~]$ rman target /

Recovery Manager: Release 11.2.0.4.0 - Production on Wed Jan 28 23:02:24 2015

Copyright (c) 1982, 2011, Oracle and/or its affiliates. All rights reserved.

connected to target database: ORCL (DBID=1378620768)

RMAN> list backup of datafile 5;

using target database control file instead of recovery catalog

List of Backup Sets

===================

BS Key Type LV Size Device Type Elapsed Time Completion Time

------- ---- -- ---------- ----------- ------------ ---------------

1 Full 10.94M DISK 00:00:01 28-JAN-15

BP Key: 1 Status: AVAILABLE Compressed: NO Tag: TAG20150128T230115

Piece Name: /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp

List of Datafiles in backup set 1

File LV Type Ckp SCN Ckp Time Name

---- -- ---- ---------- --------- ----

5 Full 54057180 28-JAN-15 /u01/app/oracle/oradata/orcl/xifenfei01.dbf

--未輸入密碼

RMAN> restore datafile 5;

Starting restore at 28-JAN-15

allocated channel: ORA_DISK_1

channel ORA_DISK_1: SID=492 device type=DISK

channel ORA_DISK_1: starting datafile backup set restore

channel ORA_DISK_1: specifying datafile(s) to restore from backup set

channel ORA_DISK_1: restoring datafile 00005 to /u01/app/oracle/oradata/orcl/xifenfei01.dbf

channel ORA_DISK_1: reading from backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp

RMAN-00571: ===========================================================

RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============

RMAN-00571: ===========================================================

RMAN-03002: failure of restore command at 01/28/2015 23:02:52

ORA-19870: error while restoring backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp

ORA-19913: unable to decrypt backup

ORA-28365: wallet is not open

--設(shè)置錯(cuò)誤密碼

RMAN> SET DECRYPTION IDENTIFIED BY 'www.orasos.com';

executing command: SET decryption

RMAN> restore datafile 5;

Starting restore at 28-JAN-15

using channel ORA_DISK_1

channel ORA_DISK_1: starting datafile backup set restore

channel ORA_DISK_1: specifying datafile(s) to restore from backup set

channel ORA_DISK_1: restoring datafile 00005 to /u01/app/oracle/oradata/orcl/xifenfei01.dbf

channel ORA_DISK_1: reading from backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp

RMAN-00571: ===========================================================

RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============

RMAN-00571: ===========================================================

RMAN-03002: failure of restore command at 01/28/2015 23:03:31

ORA-19870: error while restoring backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp

ORA-19913: unable to decrypt backup

ORA-28365: wallet is not open

--設(shè)置正確密碼

RMAN> SET DECRYPTION IDENTIFIED BY 'www.111cn.net';

executing command: SET decryption

RMAN> restore datafile 5;

Starting restore at 28-JAN-15

using channel ORA_DISK_1

channel ORA_DISK_1: starting datafile backup set restore

channel ORA_DISK_1: specifying datafile(s) to restore from backup set

channel ORA_DISK_1: restoring datafile 00005 to /u01/app/oracle/oradata/orcl/xifenfei01.dbf

channel ORA_DISK_1: reading from backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp

channel ORA_DISK_1: piece handle=/u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp tag=TAG20150128T230115

channel ORA_DISK_1: restored backup piece 1

channel ORA_DISK_1: restore complete, elapsed time: 00:00:01

Finished restore at 28-JAN-15

驗(yàn)證數(shù)據(jù)還原

RMAN> recover datafile 5;

Starting recover at 28-JAN-15

using target database control file instead of recovery catalog

allocated channel: ORA_DISK_1

channel ORA_DISK_1: SID=7 device type=DISK

starting media recovery

media recovery complete, elapsed time: 00:00:00

Finished recover at 28-JAN-15

RMAN> sql 'alter database datafile 5 online';

sql statement: alter database datafile 5 online

RMAN> exit

Recovery Manager complete.

[oracle@localhost ~]$ sqlplus / as sysdba

SQL*Plus: Release 11.2.0.4.0 Production on Wed Jan 28 23:05:55 2015

Copyright (c) 1982, 2013, Oracle. All rights reserved.

Connected to:

Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production

With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL> select count(*) from chf.t_xifenfei;

COUNT(*)

----------

86721

至此我們可以看到,最簡(jiǎn)單的rman加密備份和加密恢復(fù)測(cè)試完成,在使用set encryption加密后,如果不輸入或者錯(cuò)誤的輸入密碼無(wú)法使用備份集,從而確保了備份集的安全.

更多信息請(qǐng)查看IT技術(shù)專欄