Posted by With the new release of every product from every software vendor, there are always the big banner headline features that take up all the marketing “real estate”, and 21c will be no exception. These features will certainly get their fair share of attention from the blog-sphere, the official media releases, documentation and the like.
But tucked away in new releases are often little nuggets of gold – small things that can be of tremendous value to customers. Checksums in DataPump is one of these nuggets.
In earlier releases, anyone with a hex editor, a little internals knowledge and some patience could take a DataPump export file and manipulate the contents. For example, here I have exported the standard SCOTT schema
[oracle@db192 ~]$ expdp userid=mcdonac/******@pdb1 directory=tmp dumpfile=scott schemas=scott
Export: Release 19.0.0.0.0 - Production on Mon Aug 16 11:30:42 2021
Version 19.12.0.0.0
Copyright (c) 1982, 2019, Oracle and/or its affiliates. All rights reserved.
Connected to: Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Starting "MCDONAC"."SYS_EXPORT_SCHEMA_01": userid=mcdonac/********@pdb1 directory=tmp dumpfile=scott schemas=scott
Processing object type SCHEMA_EXPORT/TABLE/TABLE_DATA
Processing object type SCHEMA_EXPORT/TABLE/INDEX/STATISTICS/INDEX_STATISTICS
Processing object type SCHEMA_EXPORT/TABLE/STATISTICS/TABLE_STATISTICS
Processing object type SCHEMA_EXPORT/STATISTICS/MARKER
Processing object type SCHEMA_EXPORT/USER
Processing object type SCHEMA_EXPORT/ROLE_GRANT
Processing object type SCHEMA_EXPORT/DEFAULT_ROLE
Processing object type SCHEMA_EXPORT/TABLESPACE_QUOTA
Processing object type SCHEMA_EXPORT/PRE_SCHEMA/PROCACT_SCHEMA
Processing object type SCHEMA_EXPORT/TABLE/TABLE
Processing object type SCHEMA_EXPORT/TABLE/CONSTRAINT/CONSTRAINT
Processing object type SCHEMA_EXPORT/TABLE/CONSTRAINT/REF_CONSTRAINT
. . exported "SCOTT"."EMP" 8.773 KB 14 rows
. . exported "SCOTT"."DEPT" 6.023 KB 4 rows
. . exported "SCOTT"."SALGRADE" 5.953 KB 5 rows
. . exported "SCOTT"."BONUS" 0 KB 0 rows
Master table "MCDONAC"."SYS_EXPORT_SCHEMA_01" successfully loaded/unloaded
******************************************************************************
Dump file set for MCDONAC.SYS_EXPORT_SCHEMA_01 is:
/tmp/scott.dmp
Job "MCDONAC"."SYS_EXPORT_SCHEMA_01" successfully completed at Mon Aug 16 11:31:19 2021 elapsed 0 00:00:35
and then tinkered with the export file via a hex editor:
Lo and behold, on the subsequent import, we no longer have a MARTIN but they have been replaced with me!
[oracle@db192 tmp]$ impdp userid=mcdonac/****@pdb1 directory=tmp dumpfile=scott schemas=scott
Import: Release 19.0.0.0.0 - Production on Mon Aug 16 11:40:06 2021
Version 19.12.0.0.0
Copyright (c) 1982, 2019, Oracle and/or its affiliates. All rights reserved.
Connected to: Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Master table "MCDONAC"."SYS_IMPORT_SCHEMA_01" successfully loaded/unloaded
Starting "MCDONAC"."SYS_IMPORT_SCHEMA_01": userid=mcdonac/********@pdb1 directory=tmp dumpfile=scott schemas=scott
Processing object type SCHEMA_EXPORT/USER
ORA-31684: Object type USER:"SCOTT" already exists
Processing object type SCHEMA_EXPORT/ROLE_GRANT
Processing object type SCHEMA_EXPORT/DEFAULT_ROLE
Processing object type SCHEMA_EXPORT/TABLESPACE_QUOTA
Processing object type SCHEMA_EXPORT/PRE_SCHEMA/PROCACT_SCHEMA
Processing object type SCHEMA_EXPORT/TABLE/TABLE
Processing object type SCHEMA_EXPORT/TABLE/TABLE_DATA
. . imported "SCOTT"."EMP" 8.773 KB 14 rows
. . imported "SCOTT"."DEPT" 6.023 KB 4 rows
. . imported "SCOTT"."SALGRADE" 5.953 KB 5 rows
. . imported "SCOTT"."BONUS" 0 KB 0 rows
Processing object type SCHEMA_EXPORT/TABLE/CONSTRAINT/CONSTRAINT
Processing object type SCHEMA_EXPORT/TABLE/INDEX/STATISTICS/INDEX_STATISTICS
Processing object type SCHEMA_EXPORT/TABLE/CONSTRAINT/REF_CONSTRAINT
Processing object type SCHEMA_EXPORT/TABLE/STATISTICS/TABLE_STATISTICS
Processing object type SCHEMA_EXPORT/STATISTICS/MARKER
Job "MCDONAC"."SYS_IMPORT_SCHEMA_01" completed with 1 error(s) at Mon Aug 16 11:40:25 2021 elapsed 0 00:00:18
[oracle@db192 tmp]$
SQL> select * from scott.emp;
EMPNO ENAME JOB MGR HIREDATE SAL COMM DEPTNO
---------- ---------- --------- ---------- --------- ---------- ---------- ----------
7369 SMITH CLERK 7902 17-DEC-80 800 20
7499 ALLEN SALESMAN 7698 20-FEB-81 1600 300 30
7521 WARD SALESMAN 7698 22-FEB-81 1250 500 30
7566 JONES MANAGER 7839 02-APR-81 2975 20
7654 CONNOR SALESMAN 7698 28-SEP-81 1250 1400 30
7698 BLAKE MANAGER 7839 01-MAY-81 2850 30
7782 CLARK MANAGER 7839 09-JUN-81 2450 10
7788 SCOTT ANALYST 7566 09-DEC-82 3000 20
7839 KING PRESIDENT 17-NOV-81 5000 10
7844 TURNER SALESMAN 7698 08-SEP-81 1500 30
7876 ADAMS CLERK 7788 12-JAN-83 1100 20
7900 JAMES CLERK 7698 03-DEC-81 950 30
7902 FORD ANALYST 7566 03-DEC-81 3000 20
7934 MILLER CLERK 7782 23-JAN-82 1300 10
14 rows selected.
Tampering with non-string datatypes such as dates and numbers, take a little more care, but there are plenty of “How To” blog posts out there that describe the format of data within an Oracle database.
21c now lets you protect your DataPump export files from simple tampering with the CHECKSUM parameter. Here’s the same process repeated again under 21c.
[oracle@db21c ~]$ expdp userid=mcdonac/****@pdb1 directory=temp dumpfile=scott schemas=scott checksum=yes
Export: Release 21.0.0.0.0 - Production on Fri Aug 13 04:11:34 2021
Version 21.3.0.0.0
Copyright (c) 1982, 2021, Oracle and/or its affiliates. All rights reserved.
Connected to: Oracle Database 21c Enterprise Edition Release 21.0.0.0.0 - Production
Starting "MCDONAC"."SYS_EXPORT_SCHEMA_01": userid=mcdonac/********@pdb1 directory=temp dumpfile=scott schemas=scott checksum=yes
Processing object type SCHEMA_EXPORT/TABLE/TABLE_DATA
Processing object type SCHEMA_EXPORT/TABLE/INDEX/STATISTICS/INDEX_STATISTICS
Processing object type SCHEMA_EXPORT/TABLE/STATISTICS/TABLE_STATISTICS
Processing object type SCHEMA_EXPORT/STATISTICS/MARKER
Processing object type SCHEMA_EXPORT/USER
Processing object type SCHEMA_EXPORT/ROLE_GRANT
Processing object type SCHEMA_EXPORT/DEFAULT_ROLE
Processing object type SCHEMA_EXPORT/TABLESPACE_QUOTA
Processing object type SCHEMA_EXPORT/PRE_SCHEMA/PROCACT_SCHEMA
Processing object type SCHEMA_EXPORT/TABLE/TABLE
Processing object type SCHEMA_EXPORT/TABLE/CONSTRAINT/CONSTRAINT
Processing object type SCHEMA_EXPORT/TABLE/CONSTRAINT/REF_CONSTRAINT
. . exported "SCOTT"."EMP" 8.773 KB 14 rows
. . exported "SCOTT"."DEPT" 6.023 KB 4 rows
. . exported "SCOTT"."SALGRADE" 5.953 KB 5 rows
. . exported "SCOTT"."BONUS" 0 KB 0 rows
Master table "MCDONAC"."SYS_EXPORT_SCHEMA_01" successfully loaded/unloaded
Generating checksums for dump file set
******************************************************************************
Dump file set for MCDONAC.SYS_EXPORT_SCHEMA_01 is:
/tmp/scott.dmp
Job "MCDONAC"."SYS_EXPORT_SCHEMA_01" successfully completed at Fri Aug 13 04:12:21 2021 elapsed 0 00:00:40
[oracle@db21c scripts]$ impdp userid=mcdonac/******@pdb1 directory=temp dumpfile=scott schemas=scott verify_checksum=yes
Import: Release 21.0.0.0.0 - Production on Sun Aug 15 23:53:29 2021
Version 21.3.0.0.0
Copyright (c) 1982, 2021, Oracle and/or its affiliates. All rights reserved.
Connected to: Oracle Database 21c Enterprise Edition Release 21.0.0.0.0 - Production
ORA-39002: invalid operation
ORA-39412: file checksum error in dump file "/tmp/scott.dmp"
Note: If you do not specify the VERIFY_CHECKSUM parameter, the import will happily proceed, even if someone has tampered with your dump file (and still ended up with a valid file).
Before 21c, you could certainly enact manual processes around DataPump to mimic this, eg, an MD5 or similar stored alongside every DataPump file, and some initial checking before running the import, but as well know – every list of manual processes is just as likely to be on a list of forgotten steps 
.
Obviously calculating and verifying a checksum has a slight overhead, so make sure you do sensible testing in your environment before you throw it onto your 500TB export!
Learning is not a spectator sport 