Scribd
Upload
261 views

Wallet Creation For Password Hiding From Users

The document describes how to configure an Oracle wallet to store database credentials. It explains setting the wallet location, creating the wallet with the mkstore utility, adding user credentials with -createCredential, and connecting to the database using the wallet credentials without specifying a username and password. It also describes adding additional credentials for multiple users by creating a new alias and entry in tnsnames.ora.

Uploaded by

Amardeep Jassal
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as RTF, PDF, TXT or read online on Scribd
261 views

Wallet Creation For Password Hiding From Users

The document describes how to configure an Oracle wallet to store database credentials. It explains setting the wallet location, creating the wallet with the mkstore utility, adding user credentials with -createCredential, and connecting to the database using the wallet credentials without specifying a username and password. It also describes adding additional credentials for multiple users by creating a new alias and entry in tnsnames.ora.

Uploaded by

Amardeep Jassal
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as RTF, PDF, TXT or read online on Scribd
You are on page 1/ 2

WALLET_LOCATION =

(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = /u01/app/oracle/wallet)
)
)
SQLNET.WALLET_OVERRIDE = TRUE
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_VERSION = 0

The SQLNET.WALLET_OVERRIDE entry allows this method to override any existing OS


authentication configuration.
Create an Oracle wallet in the previously specified location using the mkstore utility
with the -create option. The wallet is password protected, but is defined with the "Auto
Login" property enabled so connection attempts by the user who created the wallet do not
require a password.
$ mkdir /u01/app/oracle/wallet
$ mkstore -wrl "/u01/app/oracle/wallet" -create
Enter password:
Enter password again:
$

Wallets can be copied to different machines, which can represent a security risk. In 11g
Release 2, you can prevent the auto login functionality of the wallet from working if it is
copied to another machine by creating a local wallet using the "orapki" command, instead
of the "mkstore" command.
$ orapki wallet create -wallet "/u01/app/oracle/wallet" -pwd
"mypassword" -auto_login_local

Once the wallet is created, it can be modified using the "mkstore" command described
below.
Add the password credentials to the wallet using the -createCredential option.
$ mkstore -wrl "/u01/app/oracle/wallet" -createCredential db10g
scott tiger
Enter password:
Create credential oracle.security.client.connect_string1
$

The db_alias, in this case "db10g", is the identifier used in the "/@db_alias" syntax, and
must have a matching entry in the "tnsnames.ora" file.
The credentials present in the wallet are listed using the -listCredential option.
$ mkstore -wrl "/u01/app/oracle/wallet" -listCredential
Enter password:
List credential (index: connect_string username)

1: db10g scott
$

With the wallet created and the password credentials in place, connect to the database
without specifying the username and password, as shown below.
$ sqlplus /@db10g
SQL*Plus: Release 10.2.0.1.0 - Production on Thu Jul 19 08:15:09
2007
Copyright (c) 1982, 2005, Oracle.

All rights reserved.

Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 Production
With the Partitioning, Oracle Label Security, OLAP and Data Mining
Scoring Engine options
SQL> show user
USER is "SCOTT"
SQL>

That's fine if you only ever connect as a single user to each database, but what if you
connect as multiple users? Simply add a new entry into the wallet using a different
db_alias and make sure the alias is present in the "tnsnames.ora" file. So if we have a
user called "test" on the "db10g" database, we create a new entry in the wallet.
$ mkstore -wrl "/u01/app/oracle/wallet" -createCredential
db10g_test test test
Enter password:
Create credential oracle.security.client.connect_string1
$

Make a new entry for the "db10g" database in the client "tnsnames.ora" file.
DB10G_TEST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = DB10G.WORLD)
)
)

You might also like