Re: Tde and Rman

  • From: Jeremy Schneider <jeremy.schneider@xxxxxxxxxxxxxx>
  • To: max scalf <oracle.blog3@xxxxxxxxx>
  • Date: Tue, 29 Sep 2015 07:32:31 -0400

hey max - just spent a few seconds refreshing my memory and i wanted
to briefly circle back on this thread

first off, two recent oracle-l threads related to this topic might be
worth reading:
https://www.freelists.org/post/oracle-l/Autostarting-wallet-question,3
https://www.freelists.org/post/oracle-l/Transparent-Data-Encryption,3

there are some important differences between "auto-login" wallets and
"local-auto-login" wallets. auto-login wallets have been around for
a long time - i see references in the docs as far back as version
8.1.7 [ http://docs.oracle.com/cd/A87860_01/doc/index.htm ]. I don't
see mention of *local* auto-login wallets before version 11.2. note
that both use the filename "cwallet.sso"... so just by looking at the
filename you can't tell if it's local or not on version 11gR2.
(brilliant...)

i said in one of those old threads that i'd be hesitant to use the old
"auto-login" wallet. lots of people do use them - you just need to be
aware that the cwallet file *can* be copied to any server and used to
decrypt data - with no password - so be very careful with them! under
no circumstances should they be backed up with your data!

local wallets cannot be copied to another server, although Oracle of
course hasn't published the algorithms they use to identify the local
machine or obfuscate the keys - and some very security-minded folks
still prefer to avoid these.

On Sun, Sep 27, 2015 at 9:40 AM, max scalf <oracle.blog3@xxxxxxxxx> wrote:

> So if i understand you correctly (for 11g) that as long as we replicate our
> ewallet.p12 file on the DR server and create/generate a local wallet we
> should be good to go for the restore on DR side.

yes that's correct

> So i am guessing the same rules apply, don't back up your database and the
> ewallet.p12 key to the same location (especially not the cwallet.sso file, better
> off not backing this file up as it's useless elsewhere).

exactly right - and be careful since cwallet.sso is *not* useless
elsewhere if it was created with the non-local option on 11gR2 or any
previous version!

-Jeremy

--
http://about.me/jeremy_schneider
--
https://www.freelists.org/webpage/oracle-l
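
Added example (not part of the original post): a shell function that audits a backup tree for the wallet-handling mistakes discussed in this thread, namely cwallet.sso or ewallet.p12 stored alongside the backups (including renamed copies) and live wallet files readable beyond their owner. The function name, finding labels and directory arguments are assumptions, and GNU find is assumed for `-perm /077`.

```sh
#!/bin/sh
# Added example: audit for the TDE wallet-handling mistakes discussed above.
# Assumptions: function name, finding labels and arguments are illustrative;
# GNU find is required for "-perm /077".
#
# usage: audit_wallet_exposure <live_wallet_dir> <backup_dir>
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_wallet_exposure() {
    wallet_dir=$1
    backup_dir=$2
    report=$(
        # 1. Wallet files anywhere in the backup tree under their own names.
        find "$backup_dir" -type f \( -name cwallet.sso -o -name ewallet.p12 \) |
            sed 's/^/WALLET_IN_BACKUP /'

        # 2. Renamed copies: same size and same bytes as a live wallet file.
        for w in "$wallet_dir/cwallet.sso" "$wallet_dir/ewallet.p12"; do
            [ -s "$w" ] || continue          # skip missing or empty files
            size=$(wc -c < "$w" | tr -d ' ')
            find "$backup_dir" -type f -size "${size}c" \
                ! -name cwallet.sso ! -name ewallet.p12 |
            while IFS= read -r f; do
                if cmp -s "$w" "$f"; then echo "RENAMED_COPY $f"; fi
            done
        done

        # 3. Live wallet files with any group/other permission bit set.
        find "$wallet_dir" -type f \( -name cwallet.sso -o -name ewallet.p12 \) \
            -perm /077 | sed 's/^/LOOSE_PERMS /'
    )
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}
```

Run it from cron or a backup pre-check with the wallet directory and each backup destination; a non-zero return means at least one finding was printed.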