Skip to main content
๐Ÿ““ Tibero Online Manual Click here ๐Ÿ““

Search

Welcome to Tibero GTS!

Using SAVE CREDENTIAL for Connection Information Encryption

Document Type | Technical Information

Category | Administration

Applicable Product Version | Tibero 7.2.4.

Document Number | TADTI166

 

Overview

This article explains how to change Wallet permissions, perform connection tests, and apply it to existing scripts.
Wallet files created with the SAVE CREDENTIAL function should have restricted permissions to enhance security.
 
 
 

Method

Add Environment Variable 

To use connection information encryption, a wallet environment variable is required. 
In Tibero, ISQL_WALLET_PATH is used as the wallet environment variable. 
Add the following to the OS Profile. 

$ export ISQL_WALLET_PATH=/tibero_data/$TB_SID/wallet/wallet.dat


Create Wallet Directory 

If the directory where the wallet file will be stored does not exist, create the directory. 
$ mkdir -p /tibero_data/$TB_SID/wallet 
$ chmod 700 /tibero_data/$TB_SID/wallet


Create tbSQL Wallet

Connect to tbsql and create the wallet. 
The wallet is created using the user information (ID/Password) used to connect to tbsql.

$ tbsql 

tbSQL 7

TmaxTibero Corporation Copyright (c) 2020-. All rights reserved.

Can't login with the wallet file.
Login a database and SAVE CREDENTIAL again.
Enter Username: dbuser 
Enter Password: dbuserpassword 
Connected to Tibero. 

SQL> SAVE CREDENTIAL 
Complete to generate the wallet file. 

SQL>exit 
Disconnected. 

$ls -alt $ISQL_WALLET_PATH 
-rw-r--r--. 1 tibero dba 16 Nov  5 15:50 /tibero_data/tibero/wallet/wallet.dat


Change Wallet Permissions 

Change permissions so that other users cannot use the Wallet file. 
$ chmod 600 $ISQL_WALLET_PATH 
$ ls -alt $ISQL_WALLET_PATH 
-rw-------. 1 tibero dba 16 Nov  5 15:50 /tibero_data/tibero/wallet/wallet.dat


Wallet Application Test 

If you can connect to the DB by entering only tbsql without ID and Password and queries execute normally, you have connected using the Wallet. 
$  tbsql

tbSQL 7

TmaxTibero Corporation Copyright (c) 2020-. All rights reserved.

Connected to Tibero.

SQL> select * from dual; 
DUMMY 
----- 
X 
1 row selected.


Comparison Before/After Script Modification

Before Change โ€“ ID and Password are assigned as variables within the script and used
$ tbsql figuration --------------------------------
MONITOR=$HOME/tbinary/monitor

USER=user
PASS=userpasswd

print_version
print_warning

tbsql $USER/$PASS @command.sql

 

After Change โ€“ Connection possible without ID and Password variables using Wallet
tbsql @command.sql

 

Related to