Professional Documents
Culture Documents
RMAN>
Executing Repairs
In Enterprise Manager, the Data Recovery Advisor leads you to this page. The job scheduler
initiates the execution of the RMAN repair script.
...
Executing Repairs
The Data Recovery Advisor displays this page. In the preceding example, a successful repair is
completed.
File Status Marked Corrupt Empty Blocks Blocks Examined High SCN
---- ------ -------------- ------------ --------------- ----------
2 OK 0 22892 66720 981662
File Name: /u01/app/oracle/oradata/orcl/sysaux01.dbf
Block Type Blocks Failing Blocks Processed
---------- -------------- ----------------
Data 0 10529
Index 0 9465
Other 0 23834
File Status Marked Corrupt Empty Blocks Blocks Examined High SCN
---- ------ -------------- ------------ --------------- ----------
4 OK 0 24 640 963835
File Name: /u01/app/oracle/oradata/orcl/users01.dbf
Block Type Blocks Failing Blocks Processed
---------- -------------- ----------------
Data 0 43
Index 0 63
Other 0 510
File Status Marked Corrupt Empty Blocks Blocks Examined High SCN
---- ------ -------------- ------------ --------------- ----------
5 OK 0 1732 12800 745885
File Name: /u01/app/oracle/oradata/orcl/example01.dbf
Block Type Blocks Failing Blocks Processed
---------- -------------- ----------------
Data 0 4416
Index 0 1303
Other 0 5349
channel ORA_DISK_1: starting validation of datafile
channel ORA_DISK_1: specifying datafile(s) for validation
including current control file for validation
including current SPFILE in backup set
channel ORA_DISK_1: validation complete, elapsed time: 00:00:01
List of Control File and SPFILE
===============================
File Type Status Blocks Failing Blocks Examined
------------ ------ -------------- ---------------
SPFILE OK 0 2
Control File OK 0 594
Finished validate at 21-DEC-06
RMAN>
...
...
NEW
...
NEW
By default:
• Default password profile is enabled
• Account is locked after 10 failed login attempts
In upgrade:
• Passwords are case insensitive until changed
• Passwords become case sensitive by ALTER USER
On creation:
• Passwords are case sensitive
Tablespace Encryption
Tablespace encryption is based on block level encryption that encrypts on write and decrypts on
read. The data is not encrypted in memory. The only encryption penalty is associated with I/O.
The SQL access paths are unchanged and all data types are supported.
To use tablespace encryption the encryption wallet must be open.
The CREATE TABLESPACE command has an ENCRYPTION clause that sets the encryption
properties, and an ENCRYPT storage parameter that causes the encryption to be used. You specify
USING 'encrypt_algorithm' to indicate the name of the algorithm to be used. Valid
algorithms are 3DES168, AES128, AES192, and AES256. The default is AES128. You can view
the properties in the V$ENCRYPTED_TABLESPACES view.
The encrypted data is protected during operations like JOIN and SORT. This means that the data
is safe when it is moved to temporary tablespaces. Data in undo and redo logs is also protected.
Restrictions:
• Temporary and undo tablespaces cannot be encrypted. (selected blocks are encrypted)
• Bfiles and external tables are not encrypted.
• Transportable tablespaces across different endian platforms is not supported.
• The key for an encrypted tablespaces cannot be changed at this time. A workaround is: create
a tablespace with the desired properties and move all objects to the new tablespace.
Encrypted Data
Beta Only
Using HSM involves an initial setup of the HSM device. You also need to configure transparent
data encryption to use HSM. Once the initial setup is done, HSM can be used just like an
Oracle software wallet. The following steps discuss configuring and using hardware security
modules:
• Decrypt Encrypted Data Before Switching to HSM
• Set the ENCRYPTION_WALLET_LOCATION Parameter in sqlnet.ora
ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=HSM))
• Copy the PKCS#11 Library to It's Correct Path
• Set Up the HSM
• Generate a Master Encryption Key for HSM-Based Encryption
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY user_Id:password
• Ensure that the HSM Is Accessible
Kerberos Enhancements
The Oracle client Kerberos implementation now makes use of secure encryption algorithms like
3DES and AES in place of DES. This makes using Kerberos more secure. The Kerberos
authentication mechanism in Oracle Database now supports the following encryption types:
• DES3-CBC-SHA (DES3 algorithm in CBC mode with HMAC-SHA1 as checksum)
• RC4-HMAC (RC4 algorithm with HMAC-MD5 as checksum)
• AES128-CTS (AES algorithm with 128-bit key in CTS mode with HMAC-SHA1 as
checksum)
• AES256-CTS (AES algorithm with 256-bit key in CTS mode with HMAC-SHA1 as
checksum)
The Kerberos implementation has been enhanced to interoperate smoothly with Microsoft and
MIT Key Distribution Centers.
The Kerberos principal name can now contain more than 30 characters. It is no longer restricted
by the number of characters allowed in a database user name. If the Kerberos principal name is
longer than 30 characters use:
CREATE USER KRBUSER IDENTIFIED EXTERNALLY AS
'KerberosUser@SOMEORGANIZATION.COM';
Need Beta5
Screenshot
BEGIN
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL (
acl => 'us-oracle-com-permissions.xml',
description => ‘Permissions for oracle network',
principal => ‘SCOTT',
is_grant => TRUE,
privilege => 'connect');
END;
BEGIN
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL (
acl => ‘us-oracle-com-permissions.xml',
host => ‘*.us.oracle.com',
lower_port => 80,
upper_port => null);
END
Summary
A summary list appears at the end of each course, unit, module, and lesson. You can format the
summary slide in two ways. For example, you can summarize the lesson or unit in a short
paragraph, or you can simply restate the objectives. Whichever format you choose, use it
consistently for every lesson and unit in your course.
If you decide to simply restate the objectives, try not to repeat them verbatim. Use the following
guidelines for the bulleted list:
• Begin the summary list with this introduction: “In this lesson, you should have learned how
to:”
• Under this introduction, create list items that are sentence fragments beginning with
imperative (action) verbs. Do not use end punctuation.
• If the summary covers only one topic, incorporate that topic in the “In this lesson…”
sentence. Do not create a one-bullet list. For example:
In this lesson, you should have learned how to define a parameter. (Note the end
punctuation.)
not
In this lesson, you should have learned how to:
- Define a parameter