Database Reference
In-Depth Information
Guide to rest of chapter
The rest of the chapter will detail Pluggable Databases and all the relevant concepts around them for running a Container
Database on your host. It will not try to expand on backup and recovery for such databases. There is a separate chapter
covering that topic. It also does not attempt to introduce disaster recovery setup: this is done in a separate chapter as well.
The new features about PDBs are quite rich, and to keep this chapter from being too inflated, the above-mentioned
topics have been selected as good candidates for their own chapters.
Implementation details for Pluggable Databases
One of the design goals for Pluggable Databases was to allow for backward compatibility. In other words, anything
that was possible with a database pre-12.1 or a non-CDB should be possible with a PDB.
It will soon become apparent that this promise has been fulfilled. One of the restrictions found during the testing
was the inability to connect to a PDB using operating system authentication. One could argue either way if this is
a serious problem or not, but alternatives are available to fill the void. Local O/S authentication was a neat way to
execute jobs on the database server without having to undergo password maintenance on the account.
eXterNaL aUtheNtICatION
external authentication has been available with Oracle for a long time. Its main function is to allow users to attach
to the database to run batch processes or sqlldr instances without having to worry about hard-coding passwords
in shell scripts. this is problematic from a security point of view, mainly because it bypasses some settings made
in profiles.
On the other hand, not having to worry about password maintenance, password complexity, and storing
passwords is an attractive feature. Consider the following example:
a user created using the “create user username identified externally” clause will be able to log in to Oracle after
logging in to their respective uNIX account username on the same host. the syntax is simple, a “sqlplus /” will
suffice. the same is true for sqlldr and other utilities running on the same host. since there is no password you do
not need to worry about it either. as you can imagine, there is no involvement of the network layer at all. this is no
longer possible in 12c. as you will see later, you need to connect to a pDb using a database service.
bottom line: O/s authentication is a thing of the past and instead of using this type of authentication users should
use the secure external password store instead.
Physical structure of a CDB and PDB
The structure of the Container Database is different from the non-CDB or any previous release. Figure
7-3
illustrates the
main new concepts in a CDB.
Search WWH ::
Custom Search