Database Reference
In-Depth Information
mkstore -wrl C:\Users\FredF\fredf -viewEntry oracle.security.client.connect_string1
mkstore -wrl C:\Users\FredF\fredf -viewEntry oracle.security.client.username1
mkstore -wrl C:\Users\FredF\fredf -viewEntry oracle.security.client.password1
Notice that we give the name of the first credential as
orcl_appver
- that stands for the
appver
user
on the
orcl
Oracle database instance. We need to make some additions to the
sqlnet.ora
and
tnsnames.ora
files that configure the
TNSNames
(transparent network substrate) search for database
instances. TNS is to
SQLnet
(Oracle's database network communication protocol) as domain name
services (DNS) is to TCP/IP. TNS allows us to have multiple names (aliases) for a single Oracle database
instance and to write our applications with references to aliases that can at various times point at
different Oracle instances. This flexibility is a primary reason for naming services; the other primary
reason is to do remote lookup (not storing all names and addresses locally) and its corollary reason:
centralized management of name/address associations. Of course we need to use LDAP or something
similar for our TNSNames service to achieve that second goal.
There are many features of the TNSNames service that we are not covering in this topic. Please refer
to the Oracle Database Net Services Reference book for more information.
The
sqlnet.ora
and
tnsnames.ora
files exist or need to be created in a specific directory of the client.
Both of them are in a directory like
%ORACLE_HOME%\network\admin
, depending on your installation.
Add the line in Listing 11-10 to your
sqlnet.ora
file. For a basic client wallet installation, you only need to
specify the
WALLET_OVERRIDE
directive. You could also specify the
WALLET_LOCATION
directive, but it would
most likely be unused. I have found that the format for the
WALLET_LOCATION
directive is a bit sensitive;
while (for specific Oracle client versions) drive letters are allowed, quotation marks and a trailing “\”
character are not. Also note that wallets created by the Oracle 11g client cannot be used with Oracle 10g
clients, but 10g wallets can be used in 11g clients.
Listing 11-10.
Addition to Client sqlnet.ora File for Wallet
SQLNET.WALLET_OVERRIDE=TRUE
Caution
Placing the
WALLET_OVERRIDE
directive in a
server
sqlnet.ora
file (e.g.,
%ORACLE_HOME%\NETWORK\ADMIN\sqlnet.ora
) can keep the Oracle database from responding to client
connections. My suggestion, if you are testing the client wallet on the same computer as the Oracle database, is
that you start the database without
WALLET_OVERRIDE
in the
sqlnet.ora
file, and then add that directive
temporarily
when testing the client wallet.
Add the lines in Listing 11-11 to your client
tnsnames.ora
file. The first section is a standard
TNSNames entry for an Oracle instance. For each password we enter in the wallet, we will need an
additional entry in
tnsnames.ora
. If you have made entries in
tnsnames.ora
before, but never used the
wallet, this may seem a bit strange to you. But consider that you are giving the password for a specific
user for each credential in the wallet, so you are coordinating that password with an entry in
tnsnames.ora
. For example,
orcl_appver
is an entry in
tnsnames.ora
that is specifically for use by the
appver
user.