GoldenGate的安全配置

在实施GoldenGate的时候，安全这一项往往是被忽视的。但是作为一个完整运行的GoldenGate系统，基本的安全设置还是很有必要的，比

口令加密

3、网络传输加密不能使用

所以通常情况下还是需要自己生成密钥文件。生成密钥文件需要两个步骤：

具体操作如下：

[ggate@ogg_s current]$ ./keygen 128 3

0x345CEB2DA213DC2F75B0514484FCAB42

0xD8A1B350AF392A75C52EE540B169B267

0x7CE77B73BD5F783A15AD783DDFD6B80C

# 将密钥存储到文件中，，一行一个密钥

[ggate@ogg_s current]$ cat ENCKEYS

## Key-name Key-value

PASSWDKEY 0x345CEB2DA213DC2F75B0514484FCAB42

TRAILKEY 0xD8A1B350AF392A75C52EE540B169B267

TCPIPKEY 0x7CE77B73BD5F783A15AD783DDFD6B80C

配置好密钥文件后，我们就可以对数据库账号的口令进行加密了。

GGSCI (ogg_s) 1> ENCRYPT PASSWORD OGG123 ENCRYPTKEY PASSWDKEY

Encrypted password: AADAAAAAAAAAAAGASBQGIAYGCFRCWELGFJMHBHHDOHWDWGRBBCKCYFSGGJTEJFFJUBQFKESGNAVBRDTF

Algorithm used: AES128

GGSCI (ogg_s) 2> ENCRYPT PASSWORD OGG123 ENCRYPTKEY DEFAULT

Using default key...

Encrypted password: AACAAAAAAAAAAAGACARARDMENDJHIIFG

Algorithm used: BLOWFISH

GGSCI (ogg_s) 3> DBLOGIN USERID OGG, PASSWORD AADAAAAAAAAAAAGASBQGIAYGCFRCWELGFJMHBHHDOHWDWGRBBCKCYFSGGJTEJFFJUBQFKESGNAVBRDTF, ENCRYPTKEY PASSWDKEY

Successfully logged into database.

...

SETENV (Oracle_HOME=/u01/app/oracle/product/11.2.0/db_1)

SETENV (ORACLE_SID=ggtest)

--USERID OGG, PASSWORD OGG123

USERID OGG, PASSWORD AADAAAAAAAAAAAGASBQGIAYGCFRCWELGFJMHBHHDOHWDWGRBBCKCYFSGGJTEJFFJUBQFKESGNAVBRDTF, ENCRYPTKEY PASSWDKEY

EXTTRAIL /data/ggate/dirext/ggtest/ea

...

Trail文件加密

如果是加过密的，那数据就是一团乱码了：

...

SETENV (ORACLE_SID=ggtest)

USERID OGG, PASSWORD AADAAAAAAAAAAAGASBQGIAYGCFRCWELGFJMHBHHDOHWDWGRBBCKCYFSGGJTEJFFJUBQFKESGNAVBRDTF, ENCRYPTKEY PASSWDKEY

ENCRYPTTRAIL AES128 KEYNAME TRAILKEY

EXTTRAIL /data/ggate/dirext/jet2/ea

DISCARDFILE /u01/app/oracle/product/ggate/current/dirrpt/EJET2.dsc, APPEND, MEGABYTES 500

FETCHOPTIONS FETCHPKUPDATECOLS

...

...

SHOWSYNTAX

DYNSQL

DBOPTIONS DEFERREFCONST

DECRYPTTRAIL AES128 KEYNAME TRAILKEY

MAP JET2.*, TARGET JET2.*;

...

...

DECRYPTTRAIL AES128 KEYNAME TRAILKEY

RMTHOST ogg_t, MGRPORT 7809

ENCRYPTTRAIL AES128 KEYNAME TRAILKEY

RMTTRAIL /data/ggate/dirrep/jet2/at

...

网络传输加密

...

USERID OGG, PASSWORD AADAAAAAAAAAAAGASBQGIAYGCFRCWELGFJMHBHHDOHWDWGRBBCKCYFSGGJTEJFFJUBQFKESGNAVBRDTF, ENCRYPTKEY PASSWDKEY

RMTHOST ogg_t, MGRPORT 7809, ENCRYPT AES128 KEYNAME TCPIPKEY

RMTTRAIL /data/ggate/dirrep/jet1/at

...

ERROR OGG-01453 Oracle GoldenGate Capture for Oracle, pjet1.prm: Database login information not specified in parameter file.

GoldenGate更新丢失问题

GoldenGate单向表DML同步

Oracle GoldenGate 系列：Extract 进程的恢复原理

Oracle GoldenGate安装配置

Oracle goldengate的OGG-01004 OGG-1296错误

Oracle GoldenGate快速入门教程：基本概念和配置

搭建一个Oracle到Oracle的GoldenGate双向复制环境

本文永久更新链接地址：