GoldenGate is used by many large enterprises for data disaster recovery. When it is used for off-site disaster-recovery backup, many deployments have to rent transmission lines on the public network, and much of the data carried over them is confidential corporate information. To keep attackers from obtaining that data and damaging the interests of the enterprise, GoldenGate's security needs some hardening.
In addition to the security precautions established at the operating system and database level, you can define appropriate security policies at the GoldenGate level. The data extracted by GoldenGate can be protected locally by encrypting the trail file and the database file. GoldenGate can also encrypt data during network transmission, and users can define their own keys to encrypt the data, so that even if attackers obtain the data they cannot decrypt it.
Here are a few ways to protect GoldenGate and the data it handles.
First, encrypt the trail file
Encrypting the Extract trail file is simply a matter of adding the ENCRYPTTRAIL parameter to the Extract parameter file. The Extract process encrypts the trail data that is generated after the parameter was added. If the trail file on the production side is encrypted, the corresponding DECRYPTTRAIL parameter must be added to the parameter file at the disaster-recovery site so that the trail file is decrypted before the data is stored.
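A way to check parameter files for this setting, as an added example that is not part of the original article or of GoldenGate itself. It relies on ENCRYPTTRAIL only affecting trails specified after it in the parameter file; the set of trail parameters checked, the sample files (modelled on the extma file shown below) and the Replicat name repma are assumptions.

```python
import re

# Parameters that name a trail or file written by Extract (assumed set for this
# check). ENCRYPTTRAIL only affects the ones that come after it in the file.
TRAIL_PARAMS = {"EXTTRAIL", "RMTTRAIL", "EXTFILE", "RMTFILE"}

def _statements(text):
    """Yield (line_no, KEYWORD, rest) for each non-comment parameter line."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("--", 1)[0].strip()      # strip '--' comments
        m = re.match(r"([A-Za-z0-9_]+)\s*(.*)", line)
        if m:
            yield no, m.group(1).upper(), m.group(2).strip()

def unencrypted_trails(extract_params):
    """Return [(line_no, trail)] for trails written while encryption is off."""
    encrypting, findings = False, []
    for no, kw, rest in _statements(extract_params):
        if kw == "ENCRYPTTRAIL":
            encrypting = True
        elif kw == "NOENCRYPTTRAIL":
            encrypting = False
        elif kw in TRAIL_PARAMS and not encrypting:
            findings.append((no, rest.split(",")[0].strip()))
    return findings

def missing_decrypt(reader_params):
    """True if a parameter file that reads an encrypted trail lacks DECRYPTTRAIL."""
    return all(kw != "DECRYPTTRAIL" for _, kw, _ in _statements(reader_params))

# Constructed samples modelled on the extma file; "repma" is hypothetical.
BEFORE = """EXTRACT Extma
USERID GOLDENGATE@ORCL1, PASSWORD goldengate
EXTTRAIL ./dirdat/ma
TABLE scott.*;
"""
AFTER = BEFORE.replace("EXTTRAIL", "ENCRYPTTRAIL\nEXTTRAIL")
LATE = BEFORE.replace("TABLE", "ENCRYPTTRAIL\nTABLE")   # parameter added too late
REPLICAT = """REPLICAT repma
-- DECRYPTTRAIL
MAP scott.*, TARGET scott.*;
"""

if __name__ == "__main__":
    for name, params in (("before", BEFORE), ("after", AFTER), ("late", LATE)):
        print(name, unencrypted_trails(params))
    print("replicat lacks DECRYPTTRAIL:", missing_decrypt(REPLICAT))
```

The LATE sample shows the case worth catching in review: ENCRYPTTRAIL is present in the file, but the trail declared above it is still written in clear text.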
Below is a comparison of the contents of the trail file before and after encryption, viewed with Logdump (the tool for viewing GoldenGate trail files).
The Extract parameter file before encryption is enabled:
Example 1:
GGSCI (OE5) 55> view params Extma
EXTRACT Extma
USERID GOLDENGATE@ORCL1, PASSWORD goldengate
SETENV (NLS_LANG = "AMERICAN_AMERICA.WE8ISO8859P1")
GETTRUNCATES
REPORTCOUNT EVERY 1 MINUTES, RATE
NUMFILES 50000
DISCARDFILE ./dirrpt/extma.dsc, APPEND, MEGABYTES 50
WARNLONGTRANS 2h, CHECKINTERVAL 3m
EXTTRAIL ./dirdat/ma
DBOPTIONS ALLOWUNUSEDCOLUMN
TRANLOGOPTIONS CONVERTUCS2CLOBS
DYNAMICRESOLUTION
TABLE scott.*;
The contents of the Extract trail file before being encrypted:
Example 2:
Logdump > open ./dirdat/ma000001
Current LogTrail is /opt/goldengate/orcl1/dirdat/ma000001
Logdump > ghdr on
Logdump > detail data
Logdump > ggstoken detail
Logdump > pos 0
Reading forward from RBA 0
Logdump > n
Logdump > n
___________________________________________________________________
Hdr-Ind    :     E  (x45)     Partition  :     .  (x04)
UndoFlag   :     .  (x00)     BeforeAfter:     A  (x41)
RecLength  :    23  (x0017)   IO Time    : 2011/03/22 00:09:39.000.000
IOType     :     5  (x05)     OrigNode   :   255  (xff)
TransInd   :     .  (x00)     FormatType :     R  (x52)
SyskeyLen  :     0  (x00)     Incomplete :     .  (x00)
AuditRBA   :          2       AuditPos   : 29881732
Continued  :     N  (x00)     RecCount   :     1  (x01)
2011/03/22 00:09:39.000.000 Insert Len RBA 1391
Name: scott.TEST
After  Image:                                  Partition 4   G  b
 0000 0005 0000 0001 3100 0100 0a00 0000 066f 7261 | ........1........ora
 636c 65                                           | cle
Column     0 (x0000), Len     5 (x0005)
 0000 0001 31                                      | ....1
Column     1 (x0001), Len (x000a)
 0000 0006 6f72 6163 6c65                          | ....oracle   -- the text is clearly readable
GGS tokens:
TokenID x52 'R' ORAROWID         Info x00  Length   20