Oracle-Wallet, something fishy?

Hi all

11.2.0.1

Our programs and scripts have clear-text USERID/PASSWORD embedded in them. IT audit recommended using Oracle wallet to store and hide passwords.

Now I have configured Oracle wallet to store passwords. For example, where I used to connect as system/manager, I can now connect with sqlplus /@connect1.

Then which would be riskier? Anyone can connect directly, as simply as that, from the command line, if he or she remembers this connection string?


How can I stop this easier access?

Your comment is very much appreciated.

Thank you

Batch programs run in a specific production o/s user account (e.g., prod).

The process in this account has been authenticated somehow for execution as this account (owner of the executable, owner of the batch scheduler, etc.). In other words, another user cannot run its processes as the o/s user prod. Thus the prod processes are validated and trusted processes.

Therefore, it is meaningless for these processes to attempt to authenticate with the database.

What makes sense (as prod is the production o/s user and runs trusted processes) is for the database to trust the o/s user prod (delegating the authentication of prod and prod processes to the o/s kernel).

This is done by creating a schema user in Oracle using external authentication, allowing prod processes to create database sessions without having to authenticate themselves, as o/s authentication has already done it.


Similar Questions

  • How to check if you have installed Oracle Wallet

    Hi all

    11.2.0.3.8

    I inherited this database.

    I checked the sqlnet.ora and I see the Oracle wallet folder path there.

    But I do not know if the wallet has been installed and configured. And I don't know the password to open the wallet.

    Can you help me check whether the wallet is installed? Are there data dictionary views for it?

    Thank you

    pK

    As you can check sqlnet.ora, I guess you can also look at other parts of the file system, to see whether there is a wallet at the location given (by the sqlnet.ora)?

    A more graphical approach could use owm (Oracle Wallet Manager).

    However, you need the wallet password if you want to do something with this wallet.

  • Oracle Wallet - autoLogin or auto_login_local

    Hi ,

    I have a few questions regarding Oracle Wallet:

    Q1: How do I know whether the wallet (already created) is autoLogin or auto_login_local?


    Q2: If the wallet is auto_login_local, is it OK to move it to another host?


    Q3: Is it safe to change the wallet from auto_login_local to auto_login (using EM) if the DB already has encrypted tablespaces?

    Q4: Is it OK to delete the wallet if we have RMAN backup and encrypted tablespaces?

    ---

    I would really appreciate your help

    A1) You can find it out if you look at it. Both are named cwallet.sso.

    However, the auto_login_local wallet works only on the host on which it has been created and can be queried by the OS user who created it.

    I think you can try to run: orapki wallet display -wallet with any other OS user.

    A2) Already answered in A1)

    A3) Yes, you can drop this auto_login_local wallet and create an auto_login one. It is important to have a backup of the ewallet.p12. The cwallet.sso can be easily recreated.

    A4) You cannot delete the wallet. If you remove the wallet that contains the TDE master keys that encrypted the tablespaces, you will lose this data: you'll have it, but you will not be able to decrypt it.

  • use Oracle wallet to connect via node?

    I would like to use an Oracle wallet instead of hard-coding the user ID and the password in my JavaScript or config files.  I tried dropping the user and password settings and simply using a connection string in this format: "/@db_alias", but I am not able to connect.  I get an error about an invalid username and password.  Has anyone else managed to use a wallet to authenticate with the node module?

    I figured it out... I enabled external authentication and set the connection string to the db_alias without a slash or @.

  • expdp with the Oracle Wallet closed?

    Can you expdp with the Oracle Wallet closed without receiving an error ORA... I guess not, because I can NOT FIGURE IT OUT...

    Hey Joe,

    Not possible AFAIK. The encryption-related command-line switches all bear on encrypting the dump files and nothing else. The only way for Data Pump to read transparent data encryption data is if the database-level wallet is open. This is possible at the database level with an alter database command.

    I think you're out of luck; you'd have to somehow coordinate when you extract with when the team opens the wallet.

    See you soon,

    Rich

  • Keystore of JKS and Truststore, and Oracle Wallet

    I'm configuring Oracle Forms and Reports 11gR2 incorporating OID/OIM/OAM webgate/webtier.  WLS uses JKS keystore and truststore, and Oracle HTTP Server uses Oracle Wallet. I have all of this on a single server. Do I have to keep both of them? I requested a certificate with OWM. Can it also be used by the JKS keystore?

    What should I do?

    Thank you!

    HP

    Oracle Wallet is used by OHS, while WebLogic uses a JKS-based keystore.

    So if you have the OHS and WebLogic and there is a requirement for SSL, you need both.

    Ref: http://docs.oracle.com/cd/E23943_01/core.1111/e10105/wallets.htm#ASADM10226

  • How to upgrade the version of oracle wallet manager

    Hello

    We use Oracle Application Server 10g, and our system has Oracle Wallet Manager version 3.

    Currently, we are unable to create a CSR file generated with the SHA1 algorithm using Oracle Wallet Manager.

    Is it possible to update Oracle Wallet Manager?

    Please guide.

    Regards

    Hello

    The Oracle Wallet Manager that comes with OAS 10g cannot be upgraded.

    You must upgrade the complete Oracle home itself so that OWM gets updated with it.

    Thank you

    Sharmela

  • SSL encryption using oracle wallet

    Hello

    We have the following setup:

    We have a mobile solution (iPads and other mobile devices) for which an active end-to-end SSL connection is required. The client suggested Oracle wallet.

    There is an application server that makes a call to the database server, which has a stored procedure; this stored procedure internally uses DBMS_HHTP to call the WebLogic server. Does anyone have such or the same type of environment, and can they share how they configured and used Oracle wallet for it?

    Regards

    Ash


    Oracle Wallet is a bad solution for mobile applications.

  • Problems with utl_https, Oracle Wallet and firewall

    Hi all
    We are experimenting with utl_http and Oracle wallet and trying to make an https transfer, but we are facing some problems. I'd greatly appreciate your help if you can advise on what could be wrong. We are on db version 10.2.0.1 on HP-UX Unix and operate from within a firewall. The intention is to ping an https URL and get a simple 200 response. Future development would include XML document get/post to this URL and other interesting things. I understand that utl_http with Oracle wallet can be used for this purpose.

    The wallet was created and the ewallet.p12 exists. We downloaded the website's SSL certificate and loaded it into the wallet. Everything works if I put in a URL with simple http but then things work with a HTTP*S* URL. Is what is called HTTPS TUNNELING required because we have a firewall? I don't know what it is or how it can be done.
    I tried https with an internal URL inside the firewall. But again, no luck. So it is probably not just a firewall problem.
    With HTTPS, when I run the code below, I get the following error with internal or external https sites. Once again, I greatly appreciate your time and help, because it is the first time we use Oracle Wallet Manager and we don't know where to go from here.

    ORA-29273: HTTP request failed
    ORA-06512: at "SYS.UTL_HTTP", line 1029
    ORA-29268: HTTP client error

    declare
      url       varchar2(225);
      req       utl_http.req;
      resp      utl_http.resp;
      my_proxy  boolean;
      name      varchar2(2000);
      value     varchar2(2000);
      v_proxy   varchar2(2000);
      v_n_proxy varchar2(2000);
      v_msg     varchar2(100);
      v_len     pls_integer := 1000;
    begin
      -- Disable the verification of the status code.
      utl_http.set_response_error_check(false);
      -- Set proxy server
      utl_http.set_proxy('my-proxy');
      -- Wallet holding the trusted certificate of the https site
      utl_http.set_wallet('file:<Unix full path to the wallet on DB server>', 'wallet998');
      req := utl_http.begin_request('https://service.ariba.com/service/transaction/cxml.asp');
      -- Set proxy authentication (last argument TRUE = credentials are for the proxy)
      utl_http.set_authentication(req, 'myproxyid', 'myproxypswd', 'Basic', TRUE); -- Use HTTP Basic

      resp := utl_http.get_response(req);

      -- Print every response header
      for i in 1 .. utl_http.get_header_count(resp) loop
        utl_http.get_header(resp, i, name, value);
        dbms_output.put_line(name || ': ' || value);
      end loop;
      utl_http.end_response(resp);
    exception
      when others then
        dbms_output.put_line(sqlerrm);
    end;

    user11992646 wrote:

    The difference between your method and this new method is that you pass the user_name:pswd as part of the URL, so here it is passed as a parameter of set_proxy.

    Using the user name and password in the proxy URL is often the easiest way to deal with proxy authentication. It is even supported under Linux with the environment variable http_proxy (which you can set so that s/w can detect the proxy configuration when accessing the web).

    Would passing it as a part of set_proxy also be considered as "clear text"?

    I don't know exactly what http traffic it generates. Likely basic auth?

    It may seem that some form of "encryption" is done with basic authentication. The user name and password are strung together with a colon separator and then encoded in base64. So the resulting string seems encrypted to the human eye, but can easily be decoded again (no secret necessary to perform decoding).

    So this is about as insecure as passing user name and password in clear text, with a bit of obscuring added to counter reading it with the naked eye.

    In the Windows world (where one is stuck inside, looking at the free and open standards outside), proxy servers often use NTLM (New Technology LAN Manager) authentication. Not that new, as LAN Manager goes back to the BACK 5 project of the 1980s. ;-)

    Anyway, NTLM is a proprietary protocol and not easily supported when you code using UTL_HTTP. Basic authentication will fail in this case, as the proxy expects NTLM authentication. The workaround is to add the user name and password to the URL of the proxy (as I did in this example code).

    My problem is why set_authentication does not require us to use methods "unsupported"? It seems an obvious Oracle bug that they must solve.

    I think that you also use NTLM authentication on the proxy server? This isn't a standard. It is crass vendor-proprietary. No real compelling reason for other vendors to support it, especially not when there are open standards available and used.

    We have a beautiful SR and you said that you have opened an SR before without success. I'm surprised Oracle is dropping the ball on such a useful tool.

    My SR was essentially about getting UTL_HTTP proxy access to work with NTLM, where the workaround was as I described. I don't see this as a particular problem that Oracle has to solve.

    The issue is a consequence of the decision to use proprietary protocols and "standards". If anyone is to blame, it's Microsoft and their attempts at locking customers into a complete proprietary solution. Unfortunately, these attempts often succeed too.
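The reply's point that Basic authentication and credentials in a proxy URL are both recoverable without any secret can be turned into a check for scripts and logs. The following is an added example, not code from the thread: it flags `user:password@` proxy URLs and `Basic` headers and redacts them. The sample lines are constructed from the placeholder names in the posted code, and port 8080 is an assumption.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s'\"<>]+", re.I)
BASIC_RE = re.compile(
    r"\b(Proxy-Authorization|Authorization)\s*:\s*Basic\s+([A-Za-z0-9+/=]+)", re.I)
USERINFO_RE = re.compile(r"(https?://)[^\s/@'\"]+@", re.I)

# Constructed sample: a PL/SQL line with credentials in the proxy URL, the
# header that Basic proxy authentication puts on the wire, and a clean line.
_token = base64.b64encode(b"myproxyid:myproxypswd").decode("ascii")
SAMPLE = "\n".join([
    "utl_http.set_proxy('http://myproxyid:myproxypswd@my-proxy:8080');",
    f"Proxy-Authorization: Basic {_token}",
    "req := utl_http.begin_request('https://service.ariba.com/service/transaction/cxml.asp');",
])


def find_exposed_credentials(text):
    """Return (line_number, kind, user) for every recoverable credential."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        for url in URL_RE.findall(line):
            try:
                parts = urlsplit(url)
            except ValueError:  # malformed URL, nothing to report
                continue
            if parts.username and parts.password:
                findings.append((number, "url-userinfo", parts.username))
        for header, token in BASIC_RE.findall(line):
            try:
                # base64 is an encoding: decoding needs no key at all
                decoded = base64.b64decode(token, validate=True).decode("utf-8")
            except (binascii.Error, UnicodeDecodeError):
                continue
            user, colon, _password = decoded.partition(":")
            if colon:
                findings.append((number, header.lower() + "-basic", user))
    return findings


def redact(text):
    """Mask URL userinfo and Basic tokens before text is stored or shared."""
    text = USERINFO_RE.sub(r"\1***@", text)
    return BASIC_RE.sub(lambda m: f"{m.group(1)}: Basic <redacted>", text)


if __name__ == "__main__":
    for finding in find_exposed_credentials(SAMPLE):
        print(finding)
    print(redact(SAMPLE))
```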

  • TDE and oracle Wallet

    Hi all

    11.2.0.1

    I'm confused: what are the differences between Wallet and TDE?

    Do they use or share the same V$ views?

    Thank you

    pK

    mkstore manages a wallet as a secure password store.  It is an interaction between the client and SQL*Net at connect time.  The database is not aware of it and does not need to be, so there is nothing in V$WALLET.

    If you create a wallet only for use as a secure password store, you can simply delete the wallet file using o/s commands if you want to.  The file and all credentials stored in it will be gone.

    orapki manages a Private Key Infrastructure (certificates) wallet.  This can be used with TDE, but I have not implemented that personally.  This seems to be the use of the wallet that you wish to learn more about.

    The first hits (in my region) of Google searches for "orapki" and "portfolio $tde portfolio v" go directly to the relevant sections of the Oracle documentation for more information about PKI wallets and their interaction with transparent data encryption.

  • Issue of Oracle Wallet

    Good afternoon

    Well, once more they have me trying to understand certain Oracle issues. To make a long story short, on one of our servers, which is on a separate network, I had to create an Oracle wallet to connect over an SSL port out to our dev database. I could set it up using Wallet Manager and connect to the database successfully.

    We are doing this because we have some DBlinks configured and we are trying to extract data from another schema. I then had to create another Oracle wallet on another server to go to our test database, but this time the network has quite tight security: a firewall on the switch, ACLs on some other hardware.

    Initially, we had to get one of the network guys to open the port to the database, because when we ran a tnsping, we did not receive a response. After the change, we received a satisfactory response, and I started to create the wallet on the other server. All was successful and I edited the sqlnet.ora file similarly to the other server. I connect to the database as the schema owner and execute a simple select statement to extract data from the other database using the DBlink. My problem is that I get "Error: ORA-28759: failure to open file". The sqlnet.ora wallet location is correct and auto-login is enabled.

    I wonder if there is another port or socket used by the Oracle wallet or the DBlinks that the network could possibly be blocking. We do not have enough DBAs, so we're stuck trying to understand this.

    Sorry for the long post.

    Check the permissions on the directory where the wallet file is placed.
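Two answers on this page come down to the same check: read the wallet path from sqlnet.ora, then look at what is in that directory and who can open it. The following is an added example, not code from any of the posts. It assumes a POSIX file system and an owner-only policy for wallet files, and the sqlnet.ora content is constructed.

```python
import os
import re
import stat

# Constructed sqlnet.ora content (not taken from the page).
SAMPLE_SQLNET = """\
# client-side secure password store
ENCRYPTION_WALLET_LOCATION = (SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/u01/tde)))
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA = (DIRECTORY = /u01/app/oracle/wallet)))
SQLNET.WALLET_OVERRIDE = TRUE
"""

WALLET_FILES = ("cwallet.sso", "ewallet.p12")


def wallet_directory(sqlnet_text):
    """Return the DIRECTORY configured under WALLET_LOCATION, or None."""
    text = " ".join(line.split("#", 1)[0] for line in sqlnet_text.splitlines())
    # The lookbehind keeps ENCRYPTION_WALLET_LOCATION from matching.
    start = re.search(r"(?<![A-Za-z_])WALLET_LOCATION\s*=\s*(?=\()", text, re.I)
    if not start:
        return None
    depth = 0
    for pos in range(start.end(), len(text)):
        depth += {"(": 1, ")": -1}.get(text[pos], 0)
        if depth == 0:  # end of the balanced WALLET_LOCATION value
            value = text[start.end():pos + 1]
            found = re.search(r"DIRECTORY\s*=\s*([^()]+?)\s*\)", value, re.I)
            return found.group(1).strip("\"'") if found else None
    return None


def audit_wallet(directory):
    """Return (path, issue) pairs; an empty list means readable and owner-only."""
    if not os.path.isdir(directory):
        return [(directory, "wallet directory does not exist")]
    findings = []
    mode = stat.S_IMODE(os.stat(directory).st_mode)
    if not os.access(directory, os.R_OK | os.X_OK):
        findings.append((directory, "not readable by the current OS user"))
    if mode & 0o077:
        findings.append((directory, f"directory mode {mode:03o} is open to group/other"))
    present = [n for n in WALLET_FILES if os.path.isfile(os.path.join(directory, n))]
    if not present:
        findings.append((directory, "no cwallet.sso or ewallet.p12 found"))
    for name in present:
        path = os.path.join(directory, name)
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if not os.access(path, os.R_OK):
            findings.append((path, "not readable by the current OS user"))
        if mode & 0o077:
            findings.append((path, f"file mode {mode:03o} is open to group/other"))
    return findings


if __name__ == "__main__":
    location = wallet_directory(SAMPLE_SQLNET)
    print("WALLET_LOCATION directory:", location)
    for path, issue in audit_wallet(location):
        print(f"{path}: {issue}")
```

Run it as the OS user whose process opens the wallet: a "not readable" finding matches the failure-to-open case, while a "group/other" finding means accounts other than the owner can use an auto-login wallet.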

  • How to replace /faces by /oracle or something else in webcenter

    Hello


    Can someone help me solve a problem with dynamic pages created in the WebCenter portal?

    I modified the web.xml file to replace faces in the URL according to our requirement, for example with oracle:

    <servlet-mapping>
      <servlet-name>Faces Servlet</servlet-name>
      <url-pattern>/faces/*</url-pattern>
    </servlet-mapping>

    This works for pages created at design time. This change does not work for the Administration pages or pages created at runtime. As soon as I click on any page or Administration link, they take only the /faces context in the URL.

    If I manually replace faces with oracle in the URL, it goes to my page; otherwise I get the error page. Please let me know if any additional details are required.

    Thank you
    Suresh

    Hi Daniel,

    With the help of the filter below, I was able to solve my problem:

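    import java.io.IOException;
    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;

    public class UrlRewriteFilter implements Filter {

        @Override
        public void init(FilterConfig config) throws ServletException {
            // no initialisation needed
        }

        @Override
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws ServletException, IOException {
            HttpServletRequest request = (HttpServletRequest) req;
            String requestURI = request.getRequestURI();

            if (requestURI.startsWith("//faces")) {
                // Replace everything from "/faces" up to the last "/" with "/home"
                String toReplace = requestURI.substring(requestURI.indexOf("/faces"), requestURI.lastIndexOf("/") + 1);
                String newURI = requestURI.replace(toReplace, "/home");
                req.getRequestDispatcher(newURI).forward(req, res);
            } else {
                // All other requests pass through unchanged
                chain.doFilter(req, res);
            }
        }

        @Override
        public void destroy() {
            // nothing to release
        }
    }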

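    The corresponding section in web.xml looks like this:

    <filter>
      <filter-name>urlRewriteFilter</filter-name>
      <filter-class>com.example.UrlRewriteFilter</filter-class>
    </filter>
    <filter-mapping>
      <filter-name>urlRewriteFilter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>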

    Thank you
    Suresh

  • Register of the firewall of oracle audit vault server on database

    Hello

    I installed two VirtualBox VMs:
    1) Audit Vault Server (v. 12.1)
    2) Oracle Database Firewall (v. 12.2)

    In the dbfw console, I installed the certificate copied from the Audit Vault console, assigned the IP 192.168.56.5 of the Audit Vault Server, and saved this configuration.

    Then:

    In the Audit Vault console I entered the name of the dbfw (dbfw080027067955), copied from Network Configuration -> Management interface (I think that's right?). I entered the name: dbfw080027067955 (I have also tried with DBFW only) and IP: 192.168.56.14, but as soon as I save the record, I get the error:

    FVO -46599: internal error: Impossible to import certified firewall in oracle wallet

    Is something wrong?


    Thank you, Massimo

    Thank you Vlad,

    I solved this problem.  My problem was the different certificate key; in version 12.2 it's different.

    I installed the same version (12.2) and that solved the problem.

    Best regards, Massimo

  • Oracle Security Advisory Audit Q2

    Hi all

    My boss gave me a security checklist, taken from Oracle's security information.

    He wants me to compare it with our existing PROD database configuration.

    Did you do this security check on your PROD databases?

    1.

    1.1.1 Ensure that the following are not installed by default:
      1.1.1.1 Spatial
      1.1.1.2 OLAP
      1.1.1.3 Data Mining
      1.1.1.4 Real Application Testing
    1.1.2 Do not install the sample schemas


    How do you know if they have been installed by default? And how do I uninstall them?


    2.

    1.1 Do not allow remote OS authentication


    Does that mean I can allow local OS authentication?


    In addition, we have a problem hiding passwords in batch job scripts.

    And I suggested to the security officer that we use OS authentication (I mean local).

    But he disapproves for the above-mentioned reason.

    So can I reason with him that he misunderstood?



    Thank you


    zxy





    Once again, if you have a specific problem / concern with the previous advice, please ask a specific question.  Asking 100 people in the hope that their environment is being something you do not want to copy is not particularly useful.  All 100 could meet the standards you cite.  And none of them may be suited to your environment.

    I haven't used human operators to run nightly scripts as part of batch processing in, well, ever.  In environments that I've been around, operators exist to monitor systems, calling people at opportune times when files do not appear, and calling people when errors occur or something is not happening in a timely manner.  They shouldn't need to run scripts on a regular basis; they should have applications that can provide the information they need.  If you consider writing a trivial Perl script to be too difficult for your organization, this model is unlikely to be useful for you.

    I don't understand why the earlier suggestions to use an Oracle wallet are not enough for you, so I don't really have a way to offer additional suggestions.

    Justin

  • Are global temporary tables, a standard feature of Oracle?

    I apologize for introducing myself to this community with what must seem like a very stupid question...

    I am a software developer working on a product that uses Oracle as its database, specifically Oracle 11g Enterprise Edition. Recently, I solved a performance problem by converting an ordinary table into a global temporary table. My boss, before allowing me to put this change in the product, wants to be sure that global temporary tables are a standard part of Oracle, not something that the customer must install separately or pay extra for. (This is the first time that we have ever used them in our product, so I think that most of the team are not familiar with them.)

    I know that Oracle has had global temporary tables since the last millennium, so if they were ever a premium feature, they are unlikely to be one now, but the boss wants me to get independent confirmation of this.

    Thank you.

    Steve Pemberton

    Here you can see "feature availability by Edition":

    http://docs.Oracle.com/CD/E11882_01/license.112/e47877/editions.htm#DBLIC116

    GTT tables are not even mentioned, which means that they do not belong to the features that are paid for separately.

    One caveat: if you have an application that uses connection pooling, it is recommended to use ON COMMIT DELETE ROWS, not ON COMMIT PRESERVE ROWS

    (or always explicitly run "DELETE gtt_table" at the beginning), because otherwise a user of the application can see the GTT data that a second user of the application previously created.

    Kind regards

    Zlatko
