Sounds weird creating table does not raise any error, but inserting a correct tuple in this table raise a permission error, right? Just take a look:
SQL> create table matheusdba.table_test(a number) tablespace TEST_TABLESPACE; Table created. SQL> insert into matheusdba.table_test values (1); insert into matheusdba.table_test values (1) * ERROR at line 1: ORA-01950: no privileges on tablespace 'TEST_TABLESPACE'
Hi all!
Just a curiosity: Have you ever noticed in a database alert log the occourance of the following message for every logfile switch:
Thread 1 cannot allocate new log, sequence 9281 Private strand flush not complete Current log# 5 seq# 9280 mem# 0: /db/u5001/oradata/GREPORADB/redo05a.log Thread 1 advanced to log sequence 9281 (LGWR switch) Current log# 6 seq# 9281 mem# 0: /db/u5001/oradata/GREPORADB/redo06a.log
More“Alert Log: “Private Strand Flush Not Complete” on Logfile Switch”
Hi all,
If you have missed the previous Flashback posts, please go through these links to find it and read them if you feel like!
Flashback – Part 1 (Flashback Drop)
Flashback – Part 2 (Flashback Query)
Flashback – Part 3 (Flashback Versions Query)
Flashback – Part 5 (Flashback Table)
Flashback – Part 6 (Flashback Database)
Flashback – Part 7 (Flashback Data Archive)
And now, we are half way there to the end of the Flashback posts, let’s see a little more about FLASHBACK TRANSACTION QUERY.
Hi all!
The post Purge SYSAUX Tablespace, made on Fabruary 8this, is yet being high accessed. So, if you’re interested, here it goes another post about:
Last week I supported a database was not purging statistics through MMON job, because is timeouting. Worst than simply that, the database is not purging statistics since 2012 and SYSAUX was huge!
To understand: By default, the MMON performs the automatic purge that removes all history older than:
1) current time – statistics history retention (by default 31 days)
2) time of recent analyze in the system – 1
MMON performs the purge of the optimizer stats history automatically, but it has an internal limit of 5 minutes to perform this job. If the operation takes more than 5 minutes, then it is aborted and stats not purged.
The problem was very clear in alert.log, through the entry:
Unexpected error from flashback database MMON timeout action Errors in file /oracle/diag/rdbms/oracle/trace/oracle_mmon_1234567.trc: ORA-12751: cpu time or run time policy violation
But it’s happening since 2012! How to address that?
More“Statistics not Being Auto Purged – Splitting Purge”
Hi Everyone,
Here we are to continue our Flashback Saga! If you lost our first 2 posts about that and are in the mood for a good reading, please go through the links below:
Flashback – Part 1 (Flashback Drop)
Flashback – Part 2 (Flashback Query)
Flashback – Part 4 (Flashback Transaction Query)
Flashback – Part 5 (Flashback Table)
Flashback – Part 6 (Flashback Database)
Flashback – Part 7 (Flashback Data Archive)
Today we are going to discuss Flashback Versions Query, which has a strong link with the previous post, the Flashback Query (AS OF). With this feature, we are able to verify all changes made between 2 points in time in the past, using SCN or a Timestamp. Of course, the Flashback Versions Query will retrieve only the committed data. Just like Flashback Query, the Flashback Versions Query is undo-based, so make sure your undo Tablespace and undo retention period is good enough for you.
Hi all!
The package body APEX_030200.WWV_FLOW_HELP become invalid after Oracle Text installation with the follow errors:
Compilation errors for PACKAGE BODY APEX_030200.WWV_FLOW_HELP #13#10Error: PL/SQL: ORA-00942: table or view does not exist Line: 189 #13#10Error: PL/SQL: SQL Statement ignored Line: 188 #13#10Error: PLS-00201: identifier 'CTX_DDL.DROP_PREFERENCE' must be declared Line: 191 #13#10Error: PL/SQL: Statement ignored Line: 191 #13#10Error: PL/SQL: ORA-00942: table or view does not exist Line: 197 #13#10Error: PL/SQL: SQL Statement ignored Line: 196 #13#10Error: PLS-00201: identifier 'CTX_DDL.DROP_PREFERENCE' must be declared Line: 199 #13#10Error: PL/SQL: Statement ignored Line: 199 #13#10Error: PLS-00201: identifier 'CTX_DDL.CREATE_PREFERENCE' must be declared Line: 261 #13#10Error: PL/SQL: Statement ignored Line: 261 #13#10Error: PLS-00201: identifier 'CTX_DDL.SET_ATTRIBUTE' must be declared Line: 262 #13#10Error: PL/SQL: Statement ignored Line: 262 #13#10Error: PLS-00201: identifier 'CTX_DDL.SET_ATTRIBUTE' must be declared Line: 265 #13#10Error: PL/SQL: Statement ignored Line: 265 #13#10Error: PLS-00201: identifier 'CTX_DDL.CREATE_PREFERENCE' must be declared Line: 280 #13#10Error: PL/SQL: Statement ignored Line: 280 #13#10Error: PLS-00201: identifier 'CTX_DOC.FILTER' must be declared Line: 292 #13#10Error: PL/SQL: Statement ignored Line: 292 #13#10Error: PLS-00201: identifier 'CTX_DOC.FILTER' must be declared Line: 312 #13#10Error: PL/SQL: Statement ignored Line: 312
It happens bassically because APEX schema has not been granted with execute privileges for CTX_DDL and CTX_DOC. The note below it’s exactly about it:
The WWV_FLOW_HELP PACKAGE Status is Invalid After Installing Oracle Text (Doc ID 1335521.1)
The solution is simple:
mydb> grant execute on ctx_ddl to APEX_030200; Grant succeeded. mydb> grant execute on ctx_doc to APEX_030200; Grant succeeded. mydb> alter package APEX_030200.WWV_FLOW_HELP compile; Package altered. mydb> alter package APEX_030200.WWV_FLOW_HELP compile body; Package body altered.
Have a nice day!
Matheus.
Hi Guys,
Today I bring you a script that I use to decrypt datasource passwords and also the password of AdminServer, which is very useful on a daily basis.
The script uses the encrypted password that is found within the datasource configuration files ($DOMAIN_HOME/config/jdbc/*.xml).
To decrypt the AdminServer password is used the encrypted password contained within the boot.properties ($DOMAIN_HOME/servers/AdminServer/security).
Below the script (decryptPassword.py):
#=======================================================================================
# This Script decrypt WebLogic passwords
#
# Usage:
# wlst decryptPassword.py
#
#
#=======================================================================================
import os
import weblogic.security.internal.SerializedSystemIni
import weblogic.security.internal.encryption.ClearOrEncryptedService
def decrypt(domainHomeName, encryptedPwd):
domainHomeAbsolutePath = os.path.abspath(domainHomeName)
encryptionService = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domainHomeAbsolutePath)
ces = weblogic.security.internal.encryption.ClearOrEncryptedService(encryptionService)
clear = ces.decrypt(encryptedPwd)
print "RESULT:" + clear
try:
if len(sys.argv) == 3:
decrypt(sys.argv[1], sys.argv[2])
else:
print "INVALID ARGUMENTS"
print " Usage: java weblogic.WLST decryptPassword.py "
print " Example:"
print " java weblogic.WLST decryptPassword.py D:/Oracle/Middleware/user_projects/domains/base_domain {AES}819R5h3JUS9fAcPmF58p9Wb3swTJxFl0t8NInD/ykkE="
except:
print "Unexpected error: ", sys.exc_info()[0]
dumpStack()
raise
Syntax using: java weblogic.WLST decryptPassword.py $DOMAIN_HOME encrypted_password
Download script here.
For example:
[oracle@app1osbgrepora1l scripts]$ source /oracle/domains/osb_domain/bin/setDomainEnv.sh
[oracle@app1osbgrepora1l osb_domain]$ java weblogic.WLST decryptPassword.py /oracle/domains/osb_domain/ {AES}WdbfYhD1EbVXmIe62hLftef4WtNPvyRDGc1/lsyQ014=
Initializing WebLogic Scripting Tool (WLST) …
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
RESULT:OSBPASS123
That’s all for today
Jackson.
Hey team,
This is the second part of our Flashback Tutorial and today we’re gonna talk about FLASHBACK QUERY. Please check below for the full serie:
Flashback – Part 1 (Flashback Drop)
Flashback – Part 3 (Flashback Versions Query)
Flashback – Part 4 (Flashback Transaction Query)
Flashback – Part 5 (Flashback Table)
Flashback – Part 6 (Flashback Database)
Flashback – Part 7 (Flashback Data Archive)
Let’s go:
FLASHBACK QUERY
In the last Flashback post, we learnt about restoring tables that were dropped from the database with the RecycleBin facility. But if you think about it, it’s way more likely that a table suffer an undesirable change, than actually be dropped. Example, when you UPDATE a table with values that are not correct, or delete values (and commit, of course), and so on, wouldn’t it be great if we could come back in the past and see how it was before the change? Thanks to the almighty Oracle Database we can! We can use the Flashback Query to see how a table was at a specific time in the past. And the best part of it, is if you are the owner of your table, you can do it yourself, no need to bother the DBA with that (definetely the best part), and you can correct your own mistakes. Also, please keep in mind that for FLASHBACK QUERY to work, we need to have our undo properly configured. To illustrate that, let’s see an example:
Let’s create our same old table:
CREATE TABLE grepora ( column1 VARCHAR2(30), column2 VARCHAR2(40), column3 VARCHAR2(20) ) 5 TABLESPACE users; Table created.
Then, let’s insert some values on it:
SQL> insert into grepora values ('value1', 'value2', 'value3');
1 row created.
SQL> insert into grepora values ('line2', 'line2', 'line2');
1 row created.
SQL> insert into grepora values ('line3', 'line3', 'line3');
1 row created.
SQL> insert into grepora values ('line4', 'line4', 'line4');
1 row created.
SQL> insert into grepora values ('line5', 'line5', 'line5');
1 row created.
SQL> commit;
See how the table is at the moment:
SQL> select * from grepora; COLUMN COLUMN COLUMN ------ ------ ------ value1 value2 value3 line2 line2 line2 line3 line3 line3 line4 line4 line4 line5 line5 line5
Get the SYSDATE, to know the exact date where you have this amount of data:
SQL> alter session set nls_date_format='dd/mm/yyyy hh24:mi:ss'; Session altered. SQL> SQL> select sysdate from dual; SYSDATE ------------------- 20/06/2016 16:36:07
Now, let’s make some “mistakes” here, try to change the content of the table, deleting and updating values:
SQL> delete from grepora where column1='line5'; 1 row deleted. SQL> update grepora set column1='line1', column2='line1', column3='line1' where column1='value1'; 1 row updated. SQL> commit; Commit complete.
And see how the table is right now:
SQL> select * from grepora; COLUMN COLUMN COLUMN ------ ------ ------ line1 line1 line1 line2 line2 line2 line3 line3 line3 line4 line4 line4
Check that the content data of the table is different from the original version after our changes. How can we revert that if we didn’t know how it was before that?
We use the famous AS OF TIMESTAMP statement, which allow us to see the table in a different time in the past.
With the example below, check that after using the clause AS OF TIMESTAMP and using the date we caught before to DML our table, we can find the same previous data:
SQL> select * from grepora as of timestamp (to_timestamp('20/06/2016 16:36:07', 'dd/mm/yyyy hh24:mi:ss'));
COLUMN COLUMN COLUMN
------ ------ ------
value1 value2 value3
line2 line2 line2
line3 line3 line3
line4 line4 line4
line5 line5 line5
And the current version:
SQL> select * from grepora; COLUMN COLUMN COLUMN ------ ------ ------ line1 line1 line1 line2 line2 line2 line3 line3 line3 line4 line4 line4
With this feature, we can see how a table was “before the mistake” and do the proper actions to fix it.
I hope it was clear to everyone, if you have any doubt, please get in touch with GrepOra and we’ll be glad to help.
For the next post, we’ll be doing a test case for FLASHBACK VERSIONS QUERY! Stay Tuned!
Rafael.
I do checked there’s no good way to change ACFS mounting point on asmca assistant, so I decided to document how I quickly change ACFS mount point:
root@mymachine:/oracle/product >/grid/product/12.1.0.2/bin/srvctl stop filesystem -d /dev/asm/ggatebin-68 root@mymachine:/ >/usr/sbin/acfsutil registry -d /dev/asm/ggatebin-68 acfsutil registry: successfully removed ACFS volume /dev/asm/ggatebin-68 from Oracle Registry root@mymachine:/ >/usr/sbin/acfsutil registry -a /dev/asm/ggatebin-68 /oracle/product/goldengate12c/ acfsutil registry: mount point /oracle/product/goldengate12c successfully added to Oracle Registry root@mymachine:/oracle/product >chown -R oracle.oinstall goldengate12c root@mymachine:/oracle/product >chmod 755 goldengate12c
Maiquel.
Hi all,
It’s not a new vulnerability, but a good thing to have personal note about it. Besides the security problem, it can save you from situations you need but don’t have the database link password.
It works only if the database link was created pre-11.2.0.2.
The vulnerability only is exposed if user has one of the follow privileges:
SYS
SYSDBA
DBA
SYS WITHOUT SYSDBA
SYSASM
EXP_FULL_DATABASE
DATAPUMP_EXP_FULL_DATABASE
DATAPUMP_IMP_FULL_DATABASE
Starting with 11.2.0.2, Oracle changed the hashes format for database link passwords, solving this vulnerability. But it only apply to dblinks created in this version or higher.
If you have dblink created when database was on 11.2.0.1, for example, and upgrade the database for 11.2.0.4, the problem remains until you recreate the database link.
So, if you are upgrading database from 11.2.0.1 or lower to 11.2.0.2 or higher, remember to reacreate database links!
The vulnerability was exposed in 2012 by Paul Wright. Here is his PoC.
And there is his post.
To make it different, below I made the same test (using a PLSQL block, to make it prettier) with an upgraded database, from 11.2.0.1 to 11.2.0.4:
testdb11204> select passwordx from sys.link$ where name='MY_DBLINK';
PASSWORDX
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
0540C5B8090D021649C5C614E8E0C242AF33F71C08C535900C
1 row selected.
testdb11204> set serveroutput on
testdb11204> declare
2 db_link_password varchar2(100);
3 begin
4 db_link_password := '0540C5B8090D021649C5C614E8E0C242AF33F71C08C535900C';
5 dbms_output.put_line ('Password: ' || utl_raw.cast_to_varchar2 ( dbms_crypto.decrypt ( substr (db_link_password, 19) , dbms_crypto.DES_CBC_PKCS5 , substr (db_link_password, 3, 16) ) ) );
6 end;
7 /
Password: P4SSW0RD
Note that the simple upgrade does not solve the question. Is needed to recreate database link.
Matheus.