Hmmm... How, exactly, does Oracle know whether or not you are on "the system where it was created"? This is a problem I encountered with a many years ago with keyed security product (which will remain unnamed by design) where the software keys were meant to work only on a single computer. Because this was a product meant to work with almost any UNIX platform, it could not rely on any hardware- or vendor-specific means of identifying a host. Their solution was ti use the MAC-address of the "first" NIC on the server. After all, MAC addresses are assured to be unique, right? (Okay, they were back then -- this was years before anyone started running UNIX on virtual machines.) Here was the problem though -- if for some reason you had to replace (or even disable) the component containing the "first" NIC on the computer, the computer would get a whole new identity, and the "security" software would stop working. When that happened, you would be unable to mount disks, open a database, or even read backup tapes! What hardware components do I need to replace to make my "local wallet" stop working? Does this work with virtualized machines? Can it be *fooled* by virtual machines? I'm not trying to "poke holes" here. I'm genuinely curious. Cheers! On Thu, Mar 12, 2015 at 3:40 PM, Alex Fatkulin <afatkulin@xxxxxxxxx> wrote: > Just keep in mind that auto login wallet can be opened anywhere (on any > system) without knowing the password. So if someone steals your wallet they > can open it without a password and get access to all your encryption keys. > > If this is not desirable then auto login _local_ wallet might be a better > choice - it can only be opened on the system where it was created. > > On Thu, Mar 12, 2015 at 3:34 PM, Charles Schultz <sacrophyte@xxxxxxxxx> > wrote: > >> Having just tried this myself, I would echo what others have said about >> using Tim Hall's blog. Here is the orapki command you can use to set up a >> SSO auto-login wallet: >> >> orapki wallet create -wallet <full/path/to/your/existing/wallet> >> -auto_login >> >> You will be prompted for the existing wallet pasword, although the >> interface is a bit screwy. >> >> On Thu, Mar 12, 2015 at 2:26 PM, Marcos Colmenares H. < >> mcolmenares@xxxxxxxxxxxxxxxxxxxxxx> wrote: >> >>> Good Day, >>> >>> I found a procedure to auto start the wallet when the DB starts up, >>> using a wrapped procedure, but as oracle points out, "Wrapping is not a >>> secure method for hiding passwords or table names.". >>> >>> Is there a proper way to auto start it with out the security problems? >>> >>> Link to procedure >>> http://arjudba.blogspot.com/2010/12/how-to-open-encryption-wallet.html >>> >>> >>> Best Regards, >>> >>> Marcos Colmenares H >>> >>> -- >>> >> >> >> >> -- >> Charles Schultz >> > > > > -- > Alex Fatkulin, > http://afatkulin.blogspot.com >