Skip to content

Posts from the ‘Uncategorized’ Category

Dec 15

Data column encryption in oracle database

We can refer the below oracle document for TDE security.

https://docs.oracle.com/en/database/oracle/oracle-database/19/asoag/introduction-to-oracle-advanced-security.html#GUID-5D7343A0-4934-444F-97A1-5F189385A5DE

Configure the Software Keystore Location

Set the WALLET_ROOT and TDE_CONFIGURATION parameters.

SQL> ALTER SYSTEM SET WALLET_ROOT=’C:\app\orauser\admin\testdb\wallet\TDE’ SCOPE=SPFILE SID=’*’;

System altered.

Restart the database for effective the above parameter

SQL> shutdown immediate

Database closed.

Database dismounted.

ORACLE instance shut down.

SQL> startup

ORACLE instance started.

Total System Global Area 1073738560 bytes

Fixed Size                  9036608 bytes

Variable Size             276824064 bytes

Database Buffers          780140544 bytes

Redo Buffers                7737344 bytes

Database mounted.

Database opened.

SQL> show parameter wallet_root

NAME                                 TYPE        VALUE

———————————— ———– ——————————

wallet_root                          string      C:\APP\ORAUSER\ADMIN\TESTDB\WA

                                                 LLET\TDE

SQL> ALTER SYSTEM SET TDE_CONFIGURATION=”KEYSTORE_CONFIGURATION=FILE” SCOPE=BOTH SID=’*’;

System altered.

Creating a Password-Protected Software Keystore:

SQL> ADMINISTER KEY MANAGEMENT CREATE KEYSTORE IDENTIFIED BY Oracle123Ace;

keystore altered.

SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY Oracle123Ace;

keystore altered.

SQL> SELECT STATUS FROM V$ENCRYPTION_WALLET;

STATUS

——————————

OPEN_NO_MASTER_KEY

Set the master encryption key by executing the following command:

SQL> ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY Oracle123Ace WITH BACKUP;

keystore altered.

SQL> set linesize 120

SQL> col wrl_parameter format a45

SQL> select * from v$encryption_wallet;

WRL_TYPE             WRL_PARAMETER                                 STATUS                         WALLET_TYPE

——————– ——————————————— —————————— ——————–

WALLET_OR KEYSTORE FULLY_BAC     CON_ID

——— ——– ——— ———-

FILE                 C:\APP\ORAUSER\ADMIN\TESTDB\WALLET\TDE\tde\   OPEN                           PASSWORD

SINGLE    NONE     NO                 0

Wallet files location :

Auto login wallet can able to enable. If its enable, it will automatically open the wallet

Data Column Encryption :

We are going to test encrypt the national_idenfier column in HR.PER_ALL_PEOPLE_F table.

Datatype of column in varchar(2).

Before Encryption,

Note : better to take backup the table before encryption.

SQL> ALTER TABLE HR.PER_ALL_PEOPLE_F MODIFY (national_identifier ENCRYPT);

ALTER TABLE HR.PER_ALL_PEOPLE_F MODIFY (national_identifier ENCRYPT)

                                        *

ERROR at line 1:

ORA-28338: Column(s) cannot be both indexed and encrypted with salt

When we encrypt the column getting above error, because that column has an index. So we have to remove the salt while encrypt the column.

Salt, which is a random string added to data before encryption, is a way to strengthen the security of encrypted data.

SQL> ALTER TABLE HR.PER_ALL_PEOPLE_F MODIFY (national_identifier ENCRYPT NO SALT);

Table altered.

SQL> SELECT * FROM DBA_ENCRYPTED_COLUMNS;

OWNER                          TABLE_NAME                     COLUMN_NAME                    ENCRYPTION_ALG                SAL INTEGRITY_AL

—————————— —————————— —————————— —————————– — ————

HR                             PER_ALL_PEOPLE_F               NATIONAL_IDENTIFIER            AES 192 bits key              NO  SHA-1

Note:

TDE will only encrypt the data at storage and TDE will not mask the data in the select command output.

TDE is protecting the data at rest. It is encrypting the data in the datafiles so that in case they are obtained by other parties it will not be possible to access the clear text data. TDE cannot be used to obfuscate the data for the users who have privileges to access the tables. In the databases where TDE is configured any user who has access on an encrypted table will be able to see the data in clear text because Oracle will transparently decrypt the data for any user having the necessary privileges.

Reference:

How To Verify a Table Is Encrypted Using Transparent Data Encryption (TDE) and How To Test With the Table? (Doc ID 2132982.1)

Quick TDE Setup and FAQ (Doc ID 1251597.1)

Dec 24

pg_restore: error: unsupported version (1.16) in file header

trying to restore from higher version pg_dump directory files to lower version pg_restore in another server

Solution :

Install pgadmin 4 with newer version and then change the binary path, it will restore schemas

check compatible version of both servers before take backup

Dec 2

oracle wallet password is incorrect try again

try to open the wallet thorugh wallet manger, its says password is incorrect try again but password is correct

Solution :

try to open through orapki

C:\Users\mazar>orapki wallet display -wallet D:\app\oracle\admin\EZYPROD\wallet\TDE
Oracle PKI Tool Release 19.0.0.0.0 – Production
Version 19.4.0.0.0
Copyright (c) 2004, 2023, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:
Failed to lock…
attempt 1: java.io.FileNotFoundException: D:\app\oracle\admin\EZYPROD\wallet\TDE\ewallet.p12.lck (Access is denied)
attempt 2: java.io.FileNotFoundException: C:\Users\mazar\AppData\Local\Temp\11\pki_data719736930.lck (The system cannot find the file specified)

this is windows permission issues

Nov 4

pg_dump: detail: server version: 17.0; pg_dump version: 16.4

we may get the errors while taking backup after installed PostgreSQL 17

pg_dump: detail: server version: 17.0; pg_dump version: 16.4

Solution :

change the binary paths from pgadmin

File –> Preferences

Oct 24

oci directory not found, please install oci in makefile.pl

while configure cpanm DBD::Oracle facing below issue

Installing on a MSWin32, Ver#10.0
Using Oracle in C:/instantclient_21_15
DEFINE _SQLPLUS_RELEASE = “1920000000” (CHAR)
Oracle Version 19.20.0.0 (19.20)
OCI directory not found, please install OCI in C:/instantclient_21_15 at Makefile.PL line 315.
-> N/A
-> FAIL Configure failed for DBD-Oracle-1.90. See C:\Users\mazar\.cpanm\work\1729752523.30896\build.log for details.

Solution :

set oracle_home instant client path

still you’re facing error, you have to download complete oracle instant client basic with sqlplus,tools,sdk,jdbc and odbc

Nov 2

Download certificate through command prompt

openssl s_client -connect sbp.enterprisedb.com:443 -showcerts > E:\certification\postgresqlcertification.cer

Feb 9

1 Comment

Opatch error

Getting below error while doing to apply a cpu database patch which is running on windows server 2019

E:\app\WINDOWS.X64_193000_db_home\bin\ORAEVRUS19.dll
E:\app\WINDOWS.X64_193000_db_home\oui\jlib\srvm.jar
[Feb 8, 2023 7:32:51 PM] [INFO] Prerequisite check “CheckActiveFilesAndExecutables” failed.

Solution :

Stop : Windows Management Instrumentation & Event log services

Apr 21

txkCfgUtlfileDir.sh directory does not exist

while doing adconfig.sh in database, getting below error

WARNING: [CVM Error Report]
The following report lists errors encountered during CVM Phase

/u01/app/oracle/product/19c/orahome_1/appsutil/bin/txkCfgUtlfileDir.sh 1

No. of scripts failed in CVM phase: 1

Solution :

Check adconfig.log file

ERROR DESCRIPTION:
(FATAL ERROR
PROGRAM : (/u01/app/oracle/product/19c/orahome_1/appsutil/bin/txkCfgUtlfileDir.pl)
TIME : Thu Apr 21 13:00:39 2022
FUNCTION: main::checkUtlFileDir [ Level 1 ]
ERRORMSG: Directory /u01/BAHPROD/temp/BAHIFRS does not exist.
)
ERRORCODE = 1 ERRORCODE_END
.end std out.

.end err out.

Create directory /u01/BAHPROD/temp/BAHIFRS

run below script to add this directory in utl_file_dir

perl /u01/app/oracle/product/19c/orahome_1/appsutil/bin/txkCfgUtlfileDir.pl -contextfile=/u01/app/oracle/product/19c/orahome_1/appsutil/BAHIFRS_bahdevifrdb01.xml -oraclehome=/u01/app/oracle/product/19c/orahome_1 -outdir=/u01/app/oracle/product/19c/orahome_1/appsutil/log -mode=addUtlFileDir
Enter the APPS Password:

Enter the SYSTEM Password:

Enter the new OS path to be added to UTL_FILE_DIR: /u01/BAHPROD/temp/BAHIFRS

Script Name : txkCfgUtlfileDir.pl
Script Version : 120.0.12020000.11
Started : Thu Apr 21 13:08:30 +03 2022

Log File : /u01/app/oracle/product/19c/orahome_1/appsutil/log/TXK_UTIL_DIR_Thu_Apr_21_13_08_14_2022/txkCfgUtlfileDir.log

Context file: /u01/app/oracle/product/19c/orahome_1/appsutil/BAHIFRS_bahdevifrdb01.xml exists.

Completed : Thu Apr 21 13:08:43 +03 2022

Successfully Completed the script
ERRORCODE = 0 ERRORCODE_END

perl /u01/app/oracle/product/19c/orahome_1/appsutil/bin/txkCfgUtlfileDir.pl -contextfile=/u01/app/oracle/product/19c/orahome_1/appsutil/BAHIFRS_bahdevifrdb01.xml -oraclehome=/u01/app/oracle/product/19c/orahome_1 -outdir=/u01/app/oracle/product/19c/orahome_1/appsutil/log -mode=syncUtlFileDir

rerun adconfig.sh , its working fine

Mar 28

1 Comment

Error: loading jvm.dll while install SAP IQ 16.1

We tried to install SAP IQ 16.1 in windows server 2019, we’re getting below issue

Error :

Error: loading: C:\app\TEMP\I1648491739\Windows\resource\jre\bin\server\jvm.dll

Solution :

Install visual c++ redistributable packages for visual studio 2010

Download Microsoft Visual C++ 2010 Service Pack 1 Redistributable Package MFC Security Update from Official Microsoft Download Center

Mar 15

Backup encryption

Backup Encryption test scenario

Configure the Software Keystore Location

Set the WALLET_ROOT and TDE_CONFIGURATION parameters.

SQL> ALTER SYSTEM SET WALLET_ROOT=’C:\app\orauser\admin\testdb\wallet’ SCOPE=SPFILE SID=’*’;

System altered.

Restart the database for effective the above parameter

SQL> shutdown immediate

Database closed.

Database dismounted.

ORACLE instance shut down.

SQL> startup

ORACLE instance started.

Total System Global Area 1073738560 bytes

Fixed Size                  9036608 bytes

Variable Size             276824064 bytes

Database Buffers          780140544 bytes

Redo Buffers                7737344 bytes

Database mounted.

Database opened.

SQL> show parameter wallet_root

NAME                                 TYPE        VALUE

———————————— ———– ——————————

wallet_root                          string      C:\APP\ORAUSER\ADMIN\TESTDB\WA

                                                 LLET

SQL> ALTER SYSTEM SET TDE_CONFIGURATION=”KEYSTORE_CONFIGURATION=FILE” SCOPE=BOTH SID=’*’;

System altered.

Creating a Password-Protected Software Keystore:

SQL> ADMINISTER KEY MANAGEMENT CREATE KEYSTORE IDENTIFIED BY Oracle123Ace;

keystore altered.

SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY Oracle123Ace;

keystore altered.

SQL> SELECT STATUS FROM V$ENCRYPTION_WALLET;

STATUS

——————————

OPEN_NO_MASTER_KEY

Set the master encryption key by executing the following command:

SQL> set linesize 120

SQL> col wrl_parameter format a45

SQL> select * from v$encryption_wallet;

WRL_TYPE             WRL_PARAMETER                                 STATUS                         WALLET_TYPE

——————– ——————————————— —————————— ——————–

WALLET_OR KEYSTORE FULLY_BAC     CON_ID

——— ——– ——— ———-

FILE                 C:\APP\ORAUSER\ADMIN\TESTDB\WALLET\tde   OPEN                           PASSWORD

SINGLE    NONE     NO                 0

Wallet files location :

Backup database :

RMAN> CONFIGURE ENCRYPTION FOR DATABASE on;

new RMAN configuration parameters:

CONFIGURE ENCRYPTION FOR DATABASE ON;

new RMAN configuration parameters are successfully stored

RMAN> backup database;

Starting backup at 15-MAR-22

allocated channel: ORA_DISK_1

channel ORA_DISK_1: SID=40 device type=DISK

channel ORA_DISK_1: starting full datafile backup set

channel ORA_DISK_1: specifying datafile(s) in backup set

input datafile file number=00001 name=C:\APP\ORAUSER\ORADATA\TESTDB\SYSTEM01.DBF

input datafile file number=00003 name=C:\APP\ORAUSER\ORADATA\TESTDB\SYSAUX01.DBF

input datafile file number=00004 name=C:\APP\ORAUSER\ORADATA\TESTDB\UNDOTBS01.DBF

input datafile file number=00007 name=C:\APP\ORAUSER\ORADATA\TESTDB\USERS01.DBF

channel ORA_DISK_1: starting piece 1 at 15-MAR-22

channel ORA_DISK_1: finished piece 1 at 15-MAR-22

piece handle=C:\APP\ORAUSER\FAST_RECOVERY_AREA\TESTDB\BACKUPSET\2022_03_15\O1_MF_NNNDF_TAG20220315T180619_K31BVDZ6_.BKP tag=TAG20220315T180619 comment=NONE

channel ORA_DISK_1: backup set complete, elapsed time: 00:00:45

Finished backup at 15-MAR-22

Starting Control File and SPFILE Autobackup at 15-MAR-22

piece handle=C:\APP\ORAUSER\FAST_RECOVERY_AREA\TESTDB\AUTOBACKUP\2022_03_15\O1_MF_S_1099418825_K31BWTDZ_.BKP comment=NONE

Finished Control File and SPFILE Autobackup at 15-MAR-22

Restore database without open wallet :

SQL> shutdown immediate

Database closed.

Database dismounted.

ORACLE instance shut down.

SQL> exit

Disconnected from Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 – Production

Version 19.9.0.0.0

C:\Users\mazar>sqlplus / as sysdba

SQL*Plus: Release 19.0.0.0.0 – Production on Tue Mar 15 18:10:17 2022

Version 19.9.0.0.0

Copyright (c) 1982, 2020, Oracle.  All rights reserved.

Connected to an idle instance.

SQL> startup mount

ORACLE instance started.

Total System Global Area 1073738560 bytes

Fixed Size                  9036608 bytes

Variable Size             276824064 bytes

Database Buffers          780140544 bytes

Redo Buffers                7737344 bytes

Database mounted.

SQL> select * from v$encryption_wallet;

WRL_TYPE

——————–

WRL_PARAMETER

——————————————————————————–

STATUS                         WALLET_TYPE          WALLET_OR KEYSTORE FULLY_BAC

—————————— ——————– ——— ——– ———

    CON_ID

———-

FILE

C:\APP\ORAUSER\ADMIN\TESTDB\WALLET\TDE\tde\

CLOSED                         UNKNOWN              SINGLE    NONE     UNDEFINED

         0

SQL>

C:\Users\mazar>rman target /

Recovery Manager: Release 19.0.0.0.0 – Production on Tue Mar 15 18:13:28 2022

Version 19.9.0.0.0

Copyright (c) 1982, 2020, Oracle and/or its affiliates.  All rights reserved.

connected to target database: TESTDB (DBID=2882744687, not open)

RMAN> restore database;

Starting restore at 15-MAR-22

using target database control file instead of recovery catalog

allocated channel: ORA_DISK_1

channel ORA_DISK_1: SID=258 device type=DISK

channel ORA_DISK_1: starting datafile backup set restore

channel ORA_DISK_1: specifying datafile(s) to restore from backup set

channel ORA_DISK_1: restoring datafile 00001 to C:\APP\ORAUSER\ORADATA\TESTDB\SYSTEM01.DBF

channel ORA_DISK_1: restoring datafile 00003 to C:\APP\ORAUSER\ORADATA\TESTDB\SYSAUX01.DBF

channel ORA_DISK_1: restoring datafile 00004 to C:\APP\ORAUSER\ORADATA\TESTDB\UNDOTBS01.DBF

channel ORA_DISK_1: restoring datafile 00007 to C:\APP\ORAUSER\ORADATA\TESTDB\USERS01.DBF

channel ORA_DISK_1: reading from backup piece C:\APP\ORAUSER\FAST_RECOVERY_AREA\TESTDB\BACKUPSET\2022_03_15\O1_MF_NNNDF_TAG20220315T180619_K31BVDZ6_.BKP

RMAN-00571: ===========================================================

RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============

RMAN-00571: ===========================================================

RMAN-03002: failure of restore command at 03/15/2022 18:13:45

ORA-19870: error while restoring backup piece C:\APP\ORAUSER\FAST_RECOVERY_AREA\TESTDB\BACKUPSET\2022_03_15\O1_MF_NNNDF_TAG20220315T180619_K31BVDZ6_.BKP

ORA-19913: unable to decrypt backup

ORA-28365: wallet is not open

RMAN>

Restore database after opened wallet :

SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY Oracle123Ace;

keystore altered.

SQL> select * from v$encryption_wallet;

WRL_TYPE

——————–

WRL_PARAMETER

——————————————————————————–

STATUS                         WALLET_TYPE          WALLET_OR KEYSTORE FULLY_BAC

—————————— ——————– ——— ——– ———

    CON_ID

———-

FILE

C:\APP\ORAUSER\ADMIN\TESTDB\WALLET\tde

OPEN                           PASSWORD             SINGLE    NONE     NO

         0

RMAN> restore database;

Starting restore at 15-MAR-22

using target database control file instead of recovery catalog

allocated channel: ORA_DISK_1

channel ORA_DISK_1: SID=20 device type=DISK

channel ORA_DISK_1: starting datafile backup set restore

channel ORA_DISK_1: specifying datafile(s) to restore from backup set

channel ORA_DISK_1: restoring datafile 00001 to C:\APP\ORAUSER\ORADATA\TESTDB\SYSTEM01.DBF

channel ORA_DISK_1: restoring datafile 00003 to C:\APP\ORAUSER\ORADATA\TESTDB\SYSAUX01.DBF

channel ORA_DISK_1: restoring datafile 00004 to C:\APP\ORAUSER\ORADATA\TESTDB\UNDOTBS01.DBF

channel ORA_DISK_1: restoring datafile 00007 to C:\APP\ORAUSER\ORADATA\TESTDB\USERS01.DBF

channel ORA_DISK_1: reading from backup piece C:\APP\ORAUSER\FAST_RECOVERY_AREA\TESTDB\BACKUPSET\2022_03_15\O1_MF_NNNDF_TAG20220315T180619_K31BVDZ6_.BKP

channel ORA_DISK_1: piece handle=C:\APP\ORAUSER\FAST_RECOVERY_AREA\TESTDB\BACKUPSET\2022_03_15\O1_MF_NNNDF_TAG20220315T180619_K31BVDZ6_.BKP tag=TAG20220315T180619

channel ORA_DISK_1: restored backup piece 1

channel ORA_DISK_1: restore complete, elapsed time: 00:00:25

Finished restore at 15-MAR-22

RMAN> recover database;

Starting recover at 15-MAR-22

using channel ORA_DISK_1

starting media recovery

media recovery complete, elapsed time: 00:00:01

Finished recover at 15-MAR-22

RMAN> alter database open;

Statement processed

RMAN>

Auto login wallet can able to enable. If its enable, it will automatically open the wallet

If we suppose need to restore the database, we need to copy wallet file manually to the target server and enable wallet location, open the wallet with key and restore database .

« Older Entries