OGG security Feature: Encrypt trail file

Source: Internet
Author: User
Tags decrypt

Goldengate software has been used by many large enterprises for data disaster recovery. If used for off-site backup disaster, many are required to rent the public network of the transmission line, and many of these data are corporate secrets, in order to prevent confidential data is hackers to gain damage to the interests of enterprises, need to goldengate security to do some enhancements.

In addition to establishing operating system and database-level security precautions, you can develop appropriate security policies at the goldengate level. The data extracted by Goldengate can be protected locally by encrypting the Trail file and the database file. In the process of network transmission goldengate can also encrypt the transmission of data, users can define their own key to encrypt data, so that hackers even acquired data can not decrypt it.

Here are a few ways to protect goldengate and data security.

First, encrypt the trail file

Encrypting the Extract trail file is simply a matter of adding the Encrypttrail parameter to the extract parameter file. The extract process encrypts the trail file that was generated after the parameter was added. If the production trail file is encrypted, then the corresponding decrypttrail parameter must be added to the parameter file in the disaster-tolerant terminal to decrypt the trail file for storage.

Below is a comparison of the contents of the trail file before and after encryption with Logdump (the tool for viewing goldengate trial files).

Contents of extract before encryption:

Example 1:

Ggsci (OE5) 55> view params Extma

EXTRACT Extma

UserID GOLDENGATE@ORCL1, Password goldengate

Setenv (nls_lang= "American_america"). We8iso8859p1 ")

Gettruncates

Reportcount EVERY 1 MINUTES, RATE

Numfiles 50000

Discardfile./dirrpt/extma.dsc,append,megabytes 50

Warnlongtrans 2h,checkinterval 3m

Exttrail./dirdat/ma

Dboptions Allowunusedcolumn

Tranlogoptions Convertucs2clobs

Dynamicresolution

Table scott.*;

The contents of the Extract trail file before being encrypted:

Example 2:

Logdump >open./dirdat/ma000001

Current Logtrail is/opt/goldengate/orcl1/dirdat/ma000001

Logdump >GHDR on

Logdump >detail Data

Logdump >ggstoken Detail

Logdump >pos 0

Reading forward from RBA 0

Logdump >n

Logdump >n

___________________________________________________________________

Hdr-ind:e (x45) Partition:. (x04)

Undoflag:. (x00) beforeafter:a (x41)

Reclength:23 (x0017) I/O time:2011/03/22 00:09:39.000.000

Iotype:5 (x05) orignode:255 (XFF)

Transind:. (x00) formattype:r (x52)

syskeylen:0 (x00) Incomplete:. (x00)

Auditrba:2 auditpos:29881732

Continued:n (x00) reccount:1 (x01)

2011/03/22 00:09:39.000.000 Insert Len RBA 1391

Name:scott. TEST

After image:partition 4 G b

0000 0005 0000 0001 3100 0100 0a00 0000 066f 7261| ...... 1......ora

636C 65 | Cle

Column 0 (x0000), Len 5 (x0005)

0000 0001 31 | ... 1

Column 1 (x0001), Len (x000a)

0000 0006 6f72 6163 6c65 | ... Oracle--you can see the words clearly

GGS Tokens:

Tokenid x52 ' R ' orarowid Info x00 Length 20

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.