广州明生医药有限公司


Oracle parameter TDE_CONFIGURATION: official explanation, purpose, and how to configure it optimally

Network programming, 10-18

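This site's explanation (translated from Chinese)

The TDE_CONFIGURATION parameter specifies the name of the encryption container used with Transparent Data Encryption (TDE). TDE ensures that data on disk cannot be accessed even if it is leaked.

How to set it correctly:

1. First, create a TDE encryption container:

SQL> CREATE CONTAINER tde_container_1 ENCRYPT USING 'AES256';

2. Set the TDE_CONFIGURATION parameter to the name of the TDE encryption container:

SQL> ALTER SYSTEM SET TDE_CONFIGURATION='tde_container_1';

3. Finally, apply the changes:

SQL> ALTER SYSTEM SCOPE=SPFILE;

Official English explanation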

TDE_CONFIGURATION is used for per-PDB configuration for Transparent Data Encryption (TDE).

Before Oracle Database 18c, each PDB stored its separate encryption keys in the CDB’s keystore (united mode). Starting with Oracle Database 18c Cloud environments, a PDB can optionally store its encryption keys in a separate keystore (isolated mode), thus allowing protection by a separate keystore password. This functionality is not available for on-premises environments.

The WALLET_ROOT initialization parameter must be set in order for TDE_CONFIGURATION to take effect.

Property: Description

Parameter type: String

Syntax: TDE_CONFIGURATION = "{ KEYSTORE_CONFIGURATION = value [; CONTAINER = pdb-name] }"

Syntax: value ::=

{
 FILE |
 OKV |
 HSM |
 FILE|OKV |
 FILE|HSM |
 OKV|FILE |
 HSM|FILE
}

Notes:

- The KEYSTORE_CONFIGURATION value is case-insensitive. For example, you can specify FILE or file.
- FILE|OKV, FILE|HSM, OKV|FILE, and HSM|FILE are values. The vertical bars they contain are not separators in the syntax shown above.

Default value: None

Modifiable: ALTER SYSTEM (Footnote 1)

Modifiable in a PDB: Yes

Basic: No

Oracle RAC: The same value must be specified on all instances using the ALTER SYSTEM SET TDE_CONFIGURATION="KEYSTORE_CONFIGURATION=value" SCOPE=BOTH SID='*'; statement.

Footnote 1: In some cases when this parameter is set using ALTER SYSTEM SCOPE=SPFILE, the SHOW PARAMETER TDE_CONFIGURATION statement does not show the correct value. However, the value set for TDE_CONFIGURATION can be derived from information shown in the V$ENCRYPTION_WALLET view.

The following attributes can be specified:

- KEYSTORE_CONFIGURATION attribute. This attribute is required. The value specified with this attribute configures the keystore type for the specified PDB. The following values can be specified for this attribute:
  - FILE: This value configures a wallet keystore.
  - OKV: This value configures an Oracle Key Vault (OKV) keystore. This value is also used to disable an auto-login OKV configuration and cause any existing cwallet.sso files, containing the credentials to the OKV server as the OKV_PASSWORD client secret, to be ignored.
  - HSM: This value configures a Hardware Security Module (HSM) keystore.
  - FILE|OKV: This value configures a reverse migration from an OKV to a wallet keystore.
  - FILE|HSM: This value configures a reverse migration from a HSM to a wallet keystore.
  - OKV|FILE: This value configures a migration from a wallet to an OKV keystore. This value is also used in an auto-login OKV configuration, because in this configuration a cwallet.sso file, containing the OKV_PASSWORD client secret, must be used by the Oracle server to obtain the credentials to log in to the OKV server.
  - HSM|FILE: This value configures a migration from a wallet to a HSM keystore. This value is also used in an auto-login HSM configuration, because in this configuration a cwallet.sso file, containing the HSM_PASSWORD client secret, must be used by the Oracle server to obtain the credentials to log in to the HSM server.

  Some of the KEYSTORE_CONFIGURATION attribute values consist of a single word, for example, the FILE, OKV, and HSM values. The other KEYSTORE_CONFIGURATION attribute values consist of two words separated by the “|” character that is a required part of the value’s syntax, for example, the FILE|OKV, FILE|HSM, OKV|FILE, and HSM|FILE values.

  In Oracle Database releases prior to Oracle Database 18.1, keystore types were configured in sqlnet.ora using the METHOD attribute of the SQLNET.ENCRYPTION_WALLET_LOCATION parameter.

- CONTAINER attribute: This optional attribute can be used only when setting the parameter in the CDB$ROOT of a CDB. The CONTAINER attribute can be specified only when the CDB$ROOT is in MOUNTED state. With this attribute, you must specify the name of the PDB for which you are setting the parameter. When you specify the CONTAINER attribute, you must use a semicolon “;” as the separation character between the KEYSTORE_CONFIGURATION and CONTAINER attributes.

Examples

The following statement configures a wallet keystore for the open PDB from which the statement is issued:

ALTER SYSTEM SET TDE_CONFIGURATION="KEYSTORE_CONFIGURATION=FILE" SCOPE=BOTH SID='*';

The following statement configures an OKV keystore for the PDB in MOUNTED state from which the statement is issued:

ALTER SYSTEM SET TDE_CONFIGURATION="KEYSTORE_CONFIGURATION=OKV" SCOPE=SPFILE SID='*';

The following statement configures a HSM keystore for the ORCLPDB PDB. For this statement to succeed, the parameter must be set in the CDB$ROOT of a CDB when the CDB$ROOT is in MOUNTED state:

ALTER SYSTEM SET TDE_CONFIGURATION="KEYSTORE_CONFIGURATION=HSM; CONTAINER=ORCLPDB" SCOPE=MEMORY SID='*';

See Also:

- WALLET_ROOT
- V$ENCRYPTION_WALLET
- Oracle Database Advanced Security Guide for information about managing keystores and encryption keys in united mode
- Oracle Database Advanced Security Guide for information about managing keystores and encryption keys in isolated mode

Editor: 广州明生医药有限公司 (http://mingshengyiyao.cn/)
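The value syntax in the official description can be checked mechanically before a change is applied. The following is an added example, not code from the original page or from Oracle: a small Python validator for TDE_CONFIGURATION values that also flags the WALLET_ROOT, auto-login and CONTAINER conditions the reference text describes. The function names, the finding messages and the sample input are assumptions made for illustration.

```python
# Keystore types listed in the reference text. The "|" inside a value is part
# of the value itself, not a separator between alternatives.
KEYSTORE_VALUES = {"FILE", "OKV", "HSM", "FILE|OKV", "FILE|HSM", "OKV|FILE", "HSM|FILE"}
# Values the reference text also associates with auto-login, where a
# cwallet.sso file holds the named client secret.
AUTO_LOGIN_SECRET = {"OKV|FILE": "OKV_PASSWORD", "HSM|FILE": "HSM_PASSWORD"}


def parse_tde_configuration(raw):
    """Parse a TDE_CONFIGURATION value into its keystore type and container."""
    text = raw.strip().strip('"')
    attrs = {}
    for part in text.split(";"):  # ";" separates the two attributes
        name, sep, value = part.partition("=")
        # Assumption: attribute names are matched case-insensitively.
        name = name.strip().upper()
        if not sep or name not in ("KEYSTORE_CONFIGURATION", "CONTAINER"):
            raise ValueError(f"expected KEYSTORE_CONFIGURATION=... or CONTAINER=..., got {part.strip()!r}")
        if name in attrs:
            raise ValueError(f"duplicate attribute {name}")
        attrs[name] = value.strip()
    if "KEYSTORE_CONFIGURATION" not in attrs:
        raise ValueError("KEYSTORE_CONFIGURATION is required")
    keystore = attrs["KEYSTORE_CONFIGURATION"].upper()  # value is case-insensitive
    if keystore not in KEYSTORE_VALUES:
        raise ValueError(f"invalid keystore type {keystore!r}")
    return {"keystore": keystore, "container": attrs.get("CONTAINER")}


def review_parameters(params):
    """Return findings for a dict of initialization parameters (name -> value)."""
    params = {name.upper(): value for name, value in params.items()}
    cfg = parse_tde_configuration(params["TDE_CONFIGURATION"])
    findings = []
    if not (params.get("WALLET_ROOT") or "").strip():
        findings.append("WALLET_ROOT is not set, so TDE_CONFIGURATION does not take effect")
    if cfg["keystore"] in AUTO_LOGIN_SECRET:
        findings.append(f"{cfg['keystore']}: an auto-login setup keeps "
                        f"{AUTO_LOGIN_SECRET[cfg['keystore']]} in cwallet.sso")
    if cfg["container"]:
        findings.append("CONTAINER is only accepted in CDB$ROOT while it is MOUNTED")
    return findings


# Constructed sample input, not taken from a real system.
SAMPLE = {"wallet_root": "", "tde_configuration": '"KEYSTORE_CONFIGURATION=hsm|file; CONTAINER=ORCLPDB"'}

if __name__ == "__main__":
    for finding in review_parameters(SAMPLE):
        print(finding)
```

A bare name such as tde_container_1 is rejected by this parser, because the syntax requires the KEYSTORE_CONFIGURATION attribute with one of the listed keystore types.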