100% found this document useful (5 votes)

28 views

Download ebooks file (Ebook) Oracle Database Application Security: With Oracle Internet Directory, Oracle Access Manager, and Oracle Identity Manager by Osama Mustafa, Robert P. Lockard ISBN 9781484253663, 9781484253670, 1484253663, 1484253671 all chapters

The document provides information on various ebooks available for download, including titles related to Oracle Database Application Security and other subjects. It lists authors, ISBNs, and links for purchasing or accessing the ebooks. Additionally, it includes a detailed table of contents for the Oracle Database Application Security book, outlining its chapters and topics covered.

Uploaded by

djemlinavraj

Available Formats

Download as PDF, TXT or read online on Scribd

100% found this document useful (5 votes)

28 views

Download ebooks file (Ebook) Oracle Database Application Security: With Oracle Internet Directory, Oracle Access Manager, and Oracle Identity Manager by Osama Mustafa, Robert P. Lockard ISBN 9781484253663, 9781484253670, 1484253663, 1484253671 all chapters

Uploaded by

djemlinavraj

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 67

Download Full Version ebook - Visit ebooknice.

com

(Ebook) Oracle Database Application Security: With

Oracle Internet Directory, Oracle Access Manager,
and Oracle Identity Manager by Osama Mustafa,
Robert P. Lockard ISBN 9781484253663,
9781484253670, 1484253663, 1484253671
https://ebooknice.com/product/oracle-database-application-
security-with-oracle-internet-directory-oracle-access-
manager-and-oracle-identity-manager-10795998

Click the button below to download

DOWLOAD EBOOK

Discover More Ebook - Explore Now at ebooknice.com

Instant digital products (PDF, ePub, MOBI) ready for you
Download now and discover formats that fit your needs...

Start reading on any device today!

(Ebook) Biota Grow 2C gather 2C cook by Loucas, Jason;

Viles, James ISBN 9781459699816, 9781743365571,
9781925268492, 1459699815, 1743365578, 1925268497
https://ebooknice.com/product/biota-grow-2c-gather-2c-cook-6661374

ebooknice.com

(Ebook) Matematik 5000+ Kurs 2c Lärobok by Lena

Alfredsson, Hans Heikne, Sanna Bodemyr ISBN 9789127456600,
9127456609
https://ebooknice.com/product/matematik-5000-kurs-2c-larobok-23848312

ebooknice.com

(Ebook) SAT II Success MATH 1C and 2C 2002 (Peterson's SAT

II Success) by Peterson's ISBN 9780768906677, 0768906679

https://ebooknice.com/product/sat-ii-success-
math-1c-and-2c-2002-peterson-s-sat-ii-success-1722018

ebooknice.com

(Ebook) Master SAT II Math 1c and 2c 4th ed (Arco Master

the SAT Subject Test: Math Levels 1 & 2) by Arco ISBN
9780768923049, 0768923042
https://ebooknice.com/product/master-sat-ii-math-1c-and-2c-4th-ed-
arco-master-the-sat-subject-test-math-levels-1-2-2326094

ebooknice.com
(Ebook) Cambridge IGCSE and O Level History Workbook 2C -
Depth Study: the United States, 1919-41 2nd Edition by
Benjamin Harrison ISBN 9781398375147, 9781398375048,
1398375144, 1398375047
https://ebooknice.com/product/cambridge-igcse-and-o-level-history-
workbook-2c-depth-study-the-united-states-1919-41-2nd-edition-53538044

ebooknice.com

(Ebook) Oracle SQL tuning with Oracle SQLTXPLAIN: Oracle

database 12c edition by Charalambides, Stelios ISBN
9781484224359, 9781484224366, 1484224353, 1484224361
https://ebooknice.com/product/oracle-sql-tuning-with-oracle-
sqltxplain-oracle-database-12c-edition-22004982

ebooknice.com

(Ebook) Expert Oracle and Java Security: Programming

Secure Oracle Database Applications with Java by David
Coffin ISBN 9781430238317, 1430238313
https://ebooknice.com/product/expert-oracle-and-java-security-
programming-secure-oracle-database-applications-with-java-22682424

ebooknice.com

(Ebook) Oracle Essentials: Oracle Database 12c by Rick

Greenwald, Robert Stackowiak, Jonathan Stern ISBN
9781449343033, 1449343031
https://ebooknice.com/product/oracle-essentials-oracle-
database-12c-4433362

ebooknice.com

(Ebook) Oracle Essentials, Fourth Edition Oracle Database

11g by Rick Greenwald, Robert Stackowiak, Jonathan Stern
ISBN 9780596514549, 0596514549
https://ebooknice.com/product/oracle-essentials-fourth-edition-oracle-
database-11g-1231512

ebooknice.com
Oracle Database
Application
Security
With Oracle Internet Directory,
Oracle Access Manager,
and Oracle Identity Manager
—
Osama Mustafa
Robert P. Lockard
Oracle Database
Application Security
With Oracle Internet Directory,
Oracle Access Manager, and
Oracle Identity Manager

Osama Mustafa
Robert P. Lockard
Oracle Database Application Security
Osama Mustafa Robert P. Lockard
Amman, Jordan Baltimore, MD, USA

ISBN-13 (pbk): 978-1-4842-5366-3 ISBN-13 (electronic): 978-1-4842-5367-0

https://doi.org/10.1007/978-1-4842-5367-0

Copyright © 2019 by Osama Mustafa, Robert P. Lockard

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or
part of the material is concerned, specifically the rights of translation, reprinting, reuse of
illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way,
and transmission or information storage and retrieval, electronic adaptation, computer software,
or by similar or dissimilar methodology now known or hereafter developed.
Trademarked names, logos, and images may appear in this book. Rather than use a trademark
symbol with every occurrence of a trademarked name, logo, or image we use the names, logos,
and images only in an editorial fashion and to the benefit of the trademark owner, with no
intention of infringement of the trademark.
The use in this publication of trade names, trademarks, service marks, and similar terms, even if
they are not identified as such, is not to be taken as an expression of opinion as to whether or not
they are subject to proprietary rights.
While the advice and information in this book are believed to be true and accurate at the date of
publication, neither the authors nor the editors nor the publisher can accept any legal
responsibility for any errors or omissions that may be made. The publisher makes no warranty,
express or implied, with respect to the material contained herein.
Managing Director, Apress Media LLC: Welmoed Spahr
Acquisitions Editor: Nikhil Karkal
Development Editor: Matthew Moodie
Coordinating Editor: Divya Modi
Cover designed by eStudioCalamar
Cover image designed by Freepik (www.freepik.com)
Distributed to the book trade worldwide by Springer Science+Business Media New York,
233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax (201) 348-4505,
e-mail orders-ny@springer-sbm.com, or visit www.springeronline.com. Apress Media, LLC is a
California LLC and the sole member (owner) is Springer Science + Business Media Finance Inc
(SSBM Finance Inc). SSBM Finance Inc is a Delaware corporation.
For information on translations, please e-mail rights@apress.com, or visit www.apress.com/
rights-permissions.
Apress titles may be purchased in bulk for academic, corporate, or promotional use. eBook
versions and licenses are also available for most titles. For more information, reference our Print
and eBook Bulk Sales web page at www.apress.com/bulk-sales.
Any source code or other supplementary material referenced by the author in this book is available
to readers on GitHub via the book’s product page, located at www.apress.com/978-1-4842-5366-3.
For more detailed information, please visit www.apress.com/source-code.
Printed on acid-free paper
We would like to dedicate this to all the victims of
cybercrime and the professionals who are working hard to
make the criminals’ lives difficult by securing their
environments and educating their users.
Table of Contents
About the Authors��xi
About the Technical Reviewer��xiii
Acknowledgments��xv
Introduction��xvii

Chapter 1: Encryption��1
Transparent Data Encryption��1
Rekey the Keystore Master Encryption Key��6
Query the Master Key Information��7
Rekey a Table Key��15
Rekey a Tablespace��15
Change the Password of the Keystore��16
Column Encryption��17
Salt or No Salt?��18
Encrypt a Column in an Existing Table��18
Primary Key Foreign Key Constraints on an Encrypted Column��19
Rekey a Column��19
Tablespace Encryption��20
Tablespace Encryption vs. Column Encryption Performance��22
External Table Encryption��24
Where Can Data Spill Out in Plain Text When Using External Tables?��28
Full Database Encryption��30

v
Table of Contents

Ghost Data��31
How to Fix It��33
Column Encryption��33
Tablespace Encryption��33
Full Encryption��33
Online Tablespace Encryption��34
External Tables��34
Algorithms��34
RMAN��35
Data Pump��36
Network Encryption and Integrity��39
Configure��39
Cross-Border Issues��43
Integrity��44

Chapter 2: Audits��47
Ways to Audit a Database��48
Application API Code��48
Auditing with Trigger Code��48
Normal Audit��49
Unified Audit��50
Fine-Grained Auditing��52
Comparing Methods��53
What Happened Yesterday��55
What Are You Looking for When You Audit?��67
Accessing Information Outside of the Trusted Path��67

vi
Table of Contents

The Policy Needs to Tell Who, What, When, and Where��68

Who��69
What��69
When��69
Where��70
Configuration Drift��70

Chapter 3: Privilege Analysis��75

SYS.DBMS_PRIVILEGE_CAPTURE��76
Requirements��77
Capture Modes��77
Procedures��79
Views��85
Putting It Together��106

Chapter 4: Oracle Database Threats��125

Threat Categories��126
What Protocol Is Your Database Server Using?��126
Understand the Code Running on Your Database��127
Debug, Debug, and Then Debug Some More��127
Test It Before Implementing It��127
Dealing with Threats��127
Oracle Authentication and Authorization��128
TNS Poisoning��133
PL/SQL Injection��150
Execute Operating System Commands Through Oracle��153
Injecting a Rootkit into the Oracle Database��157
Running Operating System Commands Using DBMS_SCHEDULER��159

vii
Table of Contents

Disable Audits Using Oradebug Tools��159

Access the Operating System File System��160
Oracle Security Recommendations��160
Oracle TNS Listener��161
Database Accounts��163
PL/SQL Packages, Procedures, and Functions��165
Patching��166
Review Database Privileges Frequently��166

viii
Table of Contents

Chapter 6: Secure Coding and Design��197

Problematic Designs��198
Improved Design��200
Schema-Only Accounts��202
Trusted Path��203
Definer’s and Invoker’s Rights��206
accessible by��213
Using the Schema-Only Account��217
Code-Based Access Control��218
Set Up Roles and Privileges��224
Build the API Schema��226
Business Logic Schema��230
Error Handling��231
Summary��244

Chapter 7: Single Sign-On��245

SSO Terms and Concepts��246
Installation and Configuration��250
Oracle Webgate Installation and Configuration��250
Oracle Internet Directory Installation��264
Oracle Access Manager��296
Oracle Access Manager Prerequisites��297
Oracle Access Manager Resource Type��298
Oracle Access Manager Authentication��299
Oracle Access Manager Single Sign-On Cookie��300
Oracle Access Manager Installation��300
Verify the OAM Installation��318

ix
Table of Contents

Single Sign-on Examples��321

Integrate WebLogic with Kerberos��321
Configure SSO for a Siebel Application��326
Configure SSO for EBS 12.2.x, Integration with Oracle Access Manager,
and Oracle Internet Directory��329

Index��333

x
Visit https://ebooknice.com to
discover a wide range of
eBooks across various genres.
Enjoy exclusive deals and
discounts to enhance your
reading experience. Start your
digital reading journey today!
About the Authors
Osama Mustafa is the first Oracle ACE Director
in the Middle East and creator/director of the
Jordan Amman Oracle User Group, the first
group in Jordan related to Oracle technology.
The author of two oracle books, Osama is
providing a different high services to clients
around the world, Furthermore Osama works
with different cloud vendors such as AWS,
Google, and Oracle. He has experience in automating and implementing
projects around the world, as well as solid knowledge of many different
databases. Osama has presented at conferences around the world and has
written more than 100 articles for different magazines. He also shares his
knowledge on his web site at www.osamaoracle.com/.

Robert P. Lockard is an Oracle ACE Director

and a professional Oracle DBA, designer,
developer, and project manager with more
than three decades of experience. For the past
20 years he has worked as an independent
consultant providing quality services to his
customers at a reasonable price. Robert has
worked in financial intelligence tracking
money laundering, terrorist money, and
identity theft. He has also worked in the cybercrimes arena tracking attacks
on information systems. He specializes in evaluating and securing your
Oracle database environment from threats both external and internal.

xi
About the Technical Reviewer
Srinath Menon is currently working with
Oracle India Pvt Ltd for the Oracle Identity
and Access Management Support team where
he deals with product-related issues that are
technical and functional in nature. Prior to
being associated with the OIAM product stack,
he worked with the Oracle WebCenter Suite.
He is also involved in the Oracle forums
and community.

xiii
Acknowledgments
I am grateful to several people. First I would like to thank my mother for
motivating me to become a writer, my fiancée who was patient with me
during this project while I spent many weekends working, and my family
for their support and understanding of my chosen path and my obsession
of information technology. I would like to thank my coauthor, Rob, for
collaborating with me on this book. Without all of your support, this book
would not have been possible.
—Osama Mustafa

There are quite a few people who made this book possible. Thanks to
Candace Dayton for constantly asking the hard questions and encouraging
me; to Associate Professor Olesya Zmazneva, PhD, for passing chapters on
to her students so I could get feedback from non-native English speakers
who are new to this business; to Darya Lutkova, for reading the draft of
the secure coding chapter and then asking great questions that made the
chapter even better; and to Roger MacNicol who always made himself
available to answer my questions or to bounce ideas around.
—Robert P. Lockard

xv
Introduction
Security is a complex subject. With the number of attacks on different
systems increasing every day, securing a system to protect your company’s
data can be overwhelming. However, there is a pragmatic approach you
can take to implement a security solution to meet your requirements and
to secure the system and protect your data.
In this book, you will learn about database security and how to secure
your database against database threats, and you’ll see real examples of
these threats. Furthermore, this book covers application security and
implements single sign-on with different products such as Oracle Internet
Directory, Oracle Access Manager, and Oracle Identity Management.
Specifically, in this book, you will learn about the following topics and
technologies:

• Different kinds of encryption

• Database audits and key policy, identity preservation,

and fine-grained auditing (FGA)

• Database threats and how to secure yourself from them

• Intrusion detection tools like Oracle Database Firewall

and SNORT

• Secure coding standards

• Single sign-on

xvii
CHAPTER 1

Encryption
From the time of Julius Caesar and the “Caesar shift” algorithm, people
have been using encryption to protect information from prying eyes. To
use encryption properly, you need to understand how data moves through
systems, from storage to where the data is presented. If you are not careful,
there will be places where encrypted data will spill out unencrypted.
You also need to understand that encryption is just one part of securing
your information. Even after you set up encryption, you need to concern
yourself with ghost data that may be left behind in storage unencrypted.
In this chapter, we’ll discuss how to set up Transparent Data Encryption
(TDE), how to implement network encryption, and where ghost data can
be found so it can be safely destroyed and kept from prying eyes.

Transparent Data Encryption

Transparent Data Encryption is the technology used to encrypt the data
that is on disk and used by the Oracle database. TDE covers about 15
percent to 20 percent of the attack surface of the Oracle database. If the
database and the keystore are open, then the database will do exactly
what it’s designed to do: encrypt and decrypt the data moving through the
database. What does TDE protect you from? TDE protests when someone
tries to bypass the database and get to the data on disk. Make no mistake,
TDE is a powerful tool to protect your information if the files (data files,
RMAN backups, and Data Pump Export files) are compromised.

© Osama Mustafa, Robert P. Lockard 2019 1

O. Mustafa and R. P. Lockard, Oracle Database Application Security,
https://doi.org/10.1007/978-1-4842-5367-0_1
Chapter 1 Encryption

Is there an advantage to using TDE over whole-disk encryption? Well,

it depends. There are pros and cons to each. With whole-disk encryption,
if the disk is ever compromised, retrieving the data is difficult. However,
a user with access to the operating system can bypass the database and
access the encrypted data. If you’re using TDE, then the user must go
through the database to access the data.
To set up TDE, the first thing you need to do is set up a keystore.
A keystore is an encrypted file that holds the master key that is used
to decrypt the keys for table columns and tablespaces. In the past, the
keystore was called the wallet, but this has changed, likely to keep the
naming consistent with the Java keystore. You will notice that many of the
views still use the term wallet. Don’t let this confuse you; the terms are
interchangeable, but we’ll stick to using the term keystore.
There are a couple types of keystores. There is a file keystore that is
stored on the file system, and there are hardware keystores. An important
thing to consider is where are you going to store the file keystore. You
should never store the file keystore under ORACLE_BASE or with your
data files. We normally place the file keystore in /etc/oracle/wallet/
orclcdb/<database name>. This is done so the keystore can be backed
up independently of the Oracle binaries and the data files. Remember,
the keystore is used to decrypt your data, so if you were to back up your
keystore with your data files, then all an attacker would need to do is to
figure out the password; further, if you are using an auto open keystore,
then an attacker would not even need to figure out the password.
You should be backing up your keystore before and after any operation
that changes the keystore. If you get an error and the keystore gets
corrupted, you will need the backup to recover. After you back up your
keystore, keep a copy on-site and off-site.
To create the keystore, you’ll need to set the WALLET_ROOT value in the
init.ora or spinit.ora file. Either you can create a backup of the init.
ora file, edit it, and then use it to restart the database and re-create the
spinit.ora file, or you can use alter system set wallet_root using

2
Chapter 1 Encryption

a scope of spfile and then restart the database. The choice is yours. We
prefer to use the alter system command.

SQL> alter system set wallet_root='/etc/oracle/wallet/orclcdb'

scope=spfile;
System altered.
SQL> – now bounce the database so wallet_root takes effect
SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.
Total System Global Area 2432694552 bytes
Fixed Size 8898840 bytes
Variable Size 654311424 bytes
Database Buffers 1761607680 bytes
Redo Buffers 7876608 bytes
Database mounted.
Database opened.

Then you need to set TDE_CONFIGURATION so the database knows

whether you are using a file keystore or a hardware keystore.

SQL> ALTER SYSTEM SET TDE_CONFIGURATION="KEYSTORE_

CONFIGURATION=FILE" scope=BOTH;
System altered.

Create the user c##sec_admin that will be used to manage TDE, create
the keystore, and do the rekeying operations. This user must be granted
the syskm and connect privileges.

3
Chapter 1 Encryption

SQL> create user c##sec_admin identified by SecretPassword;

User created.
SQL> grant syskm, connect to c##sec_admin;
Grant succeeded.
SQL> conn c##sec_admin as syskm
Enter password:
Connected.
SQL>

Now that we have the account set up to manage TDE, we can create
the keystore. There are a couple of options when we create the keystore.
One of them is to set up an auto open keystore. There are some corner
cases where you would not want an auto open keystore, but most
databases that we have worked with were up 24/7; therefore, if there is a
case where you needed to restart the database, the keystore would open
up automatically.
There is an argument to not use an auto open keystore in case the
keystore ever gets lost. If you are concerned about forgetting the password
to the keystore, put the password in the password envelope that is kept in
the safe along with the other admin passwords.
When we create the keystore using the administer key management
command, we do not need to set the keystore location because we set the
wallet_root value in the configuration.

c##sec_admin > administer key management create keystore

identified by SecretPassword;
keystore altered.

Now if you look in the wallet_root location, you will see that an empty
keystore named ewallet.p12 has been created.

[oracle@localhost ~]$ cd /etc/oracle/wallet/orclcdb/tde

[oracle@localhost tde]$ ls -l
total 4

4
Chapter 1 Encryption

-rw-------. 1 oracle oinstall 2555 Dec 22 09:05 ewallet.p12

[oracle@localhost tde]$

Notice that Oracle created the directory tde under wallet_root.

Before we do any operations on the keystore, we need to open it. We
can create an auto open keystore later, but for now we’re just going to stick
to a normal keystore.

c##sec_admin > administer key management set keystore open

identified by SecretPassword;
keystore altered.

Now we’re going to set the master encryption key. This is needed to
decrypt the tablespace and table encryption keys. We use a tag to indicate
this is the initial master encryption key and automatically create a backup
with bk1 in the backup name.

c##sec_admin > administer key management set key

using tag 'initial'
identified by SecretPassword
with backup using 'bk1';
keystore altered.

You’ll notice that after you create the master key, the file size will
change, and a backup of the original keystore will be created.

[oracle@localhost tde]$ ls -ltr

total 12
-rw-------. 1 oracle oinstall 2555 Dec 22 09:27
ewallet_2018122214274238_bk1.p12
-rw-------. 1 oracle oinstall 4171 Dec 22 09:27 ewallet.p12
[oracle@localhost tde]$

5
Chapter 1 Encryption

Rekey the Keystore Master Encryption Key

If you suspect your keys have been compromised, then you’ll need to rekey
your data. There are three keys you should rekey.

• Master key

• Table key

• Tablespace key

When you rekey the master encryption key, a history of the master
encryption keys is kept in the keystore; this history will be needed if you
need to recover backups.
You will notice that in the example, we used the current date for the
tag. This will make it easier to know what master keys are out there and
when they were created.

[oracle@localhost ~]$ sqlplus c##sec_admin as syskm

SQL*Plus: Release 18.0.0.0.0 - Production on Sun Dec 23
07:38:47 2018
Version 18.3.0.0.0
Copyright (c) 1982, 2018, Oracle. All rights reserved.
Enter password:
Connected to:
Oracle Database 18c Enterprise Edition Release 18.0.0.0.0 -
Production
Version 18.3.0.0.0
SQL> administer key management set key
using tag '23Dec2018'
identified by SecretPassword

6
Visit https://ebooknice.com to
discover a wide range of
eBooks across various genres.
Enjoy exclusive deals and
discounts to enhance your
reading experience. Start your
digital reading journey today!
Chapter 1 Encryption

with backup using 'bk1';

keystore altered.
SQL>

Query the Master Key Information

You can query the v$encryption_keys and v$database_key_info views
to get the history of your master encryption keys, and you can query the
v$encryption_wallet view to get the status of the keystore.

V$ENCRYPTION_WALLET
Let’s see what keystores (wallets) you have and their statuses. You see that
the type of keystore is FILE, and you can see the location of the keystore,
which is open. A single wallet is configured, which is in the ROOT container.
It’s fully backed up and has connection ID 1 (the root container).

select * from v$encryption_wallet;

WRL_TYPE WRL_PARAMETER STATUS WALLET_TYPE WALLET_OR KEYSTORE
FULLY_BAC CON_ID
-------- ------------------------- ------- --------------------
--------- -------- --------- ----------
FILE /etc/oracle/wallet/tde/ OPEN AUTOLOGIN SINGLE NONE YES 1
FILE CLOSED UNKNOWN SINGLE UNITED UNDEFINED 2
FILE OPEN AUTOLOGIN SINGLE UNITED YES 3

7
Chapter 1 Encryption

The columns returned are discussed here:

Column Type Description

WRL_TYPE VARCHAR2(20) The type of wallet resource locator. The options

are as follows:
FILE: File type keystore
HSM: Hardware security module
OKV: Oracle Key Vault
WRL_ VARCHAR2(4000) The location of the keystore. For example,
PARAMETER in this case we are using /etc/oracle/
wallet/orclcdb. When queried, this returns
/etc/oracle/wallet/orclcdb/tde/.
STATUS VARCHAR2(30) The options are as follows:
OPEN
OPEN_NO_MASTER_KEY
OPEN_UNKNOWN_MASTER_KEY_STATUS
If the database is mounted, the data dictionary
is not open, so the database cannot check the
status of the hardware keystore.
WALLET_ VARCHAR2(20) The options are as follows:
TYPE HSM: Hardware Security Module
SOFTWARE: Software keystore
UNKNOWN: Keystore created using the
mkstore utility
WALLET_ VARCHAR2(9) The options are as follows:
ORDER SINGLE: A single wallet is configured.
PRIMARY: Multiple wallets are configured;
holds the current master key.
SECONDARY: Multiple wallets are configured;
holds old master keys.
(continued)
8
Chapter 1 Encryption

Column Type Description

KEYSTORE_ VARCHAR2(8) The options are as follows:

MODE NONE: If you’re in the root container or in a
noncontainer database, then the value is NONE.
UNITED: The pluggable database is configured
to use the keystore from the container
database.
ISOLATED: The pluggable database is
configured to use its own keystore. This
has advantages when there are multiple
organizations plugging into the same CDB.
FULLY_ VARCHAR2(9) The options are as follows:
BACKED_UP YES
NO
CON_ID NUMBER This value is the container the wallet is
associated with.

V
$ENCRYPTION_KEYS
To get a list of the encryption keys and what they apply to, use the
following (see Figure 1-1):

select tag,
activation_time,
creator,
key_use,
keystore_type,
backed_up,
activating_pdbname
from V$ENCRYPTION_KEYS;

9
Chapter 1 Encryption

Figure 1-1. Getting a list of the encryption keys and what they
apply to

Here you’ll see the master encryption keys for the root container and
the pluggable database ORCLPDB1:

KEY_ID VARCHAR2(78) Master Key ID

TAG VARCHAR2(4000) Tag associated with the master key.

CREATION_TIME TIMESTAMP(6) Timestamp of when the master key was
WITH TIME ZONE created.
ACTIVATION_ TIMESTAMP(6) Time the master key was activated.
TIME WITH TIME ZONE
CREATOR VARCHAR2(128) Username of the user who created the
master key. NOTE: When created with
the user-granted privilege syskm, the
username will equal syskm.
(continued)

10
Chapter 1 Encryption

KEY_ID VARCHAR2(78) Master Key ID

CREATOR_ID NUMBER User ID of the user who created the master

key. NOTE: When created with the user-
granted privilege syskm, the user_id
value will equal 0, which maps to user sys.
USER VARCHAR2(128) The username that activated the master
key. NOTE: This is the username that was
granted the syskm privilege.
USER_ID NUMBER User ID of the user who activated the
master key. NOTE: user_id returns 0,
which maps to user sys.
KEY_USE VARCHAR2(10) The master key used for TDE operation
in a PDB.
KEYSTORE_TYPE VARCHAR2(17) The options are as follows:
HSM: Hardware Security Module.
SOFTWARE KEYSTORE: Software keystore.
UNDEFINED: The keystore does not have
information of the type of keystore for the
master key.
ORIGIN VARCHAR2(41) The origin of the keystore. The values are
as follows:
1: Created locally in this database
2: Imported from another database
3: Imported and key metadata created
locally during activation
4: Key metadata created locally;
unknown if keystore created locally or
imported
5: Master key status unknown
(continued)

11
Chapter 1 Encryption

KEY_ID VARCHAR2(78) Master Key ID

BACKED_UP VARCHAR2(9) This specifies if the keystore has been

backed up. The options are as follows:
NO: The keystore has not been backed
up.
YES: The keystore has been backed up.
CREATOR_DBNAME VARCHAR2(128) Database that created the master key.
CREATOR_DBID NUMBER Database ID that created the master key.
CREATOR_ VARCHAR2(30) Instance that created the master key.
INSTANCE_NAME
CREATOR_ NUMBER Instance number that created the master
INSTANCE_ key.
NUMBER
CREATOR_ NUMBER Instance serial number that created the
INSTANCE_ master key.
SERIAL
CREATOR_ VARCHAR2(128) PDB that the master key was created in.
PDBNAME
CREATOR_ NUMBER PDB UID that the master key was created
PDBUID in.
CREATOR_ RAW(16) PDB GUID that the master key was
PDBGUID created in.
ACTIVATING_ NUMBER Database ID the master key was
DBID activated in.
ACTIVATING_ VARCHAR2(128) Database the master key was activated
DBNAME in.
(continued)

12
Chapter 1 Encryption

KEY_ID VARCHAR2(78) Master Key ID

ACTIVATING_ VARCHAR2(30) Instance name the master key was

INSTANCE_NAME activated in.
ACTIVATING_ NUMBER Instance number the master key was
INSTANCE_ activated in.
NUMBER
ACTIVATING_ NUMBER Instance serial number the master key
INSTANCE_ was activated in.
SERIAL
ACTIVATING_ VARCHAR2(128) PDB name the master key was
PDBNAME activated in
ACTIVATING_ NUMBER PDB ID that the master key was
PDBID activated in.
ACTIVATING_ NUMBER PDB UID that the master key was
PDBUID activated in.
ACTIVATING_ RAW(16) PDB GUID that the master key was
PDBGUID activated in.
CON_ID NUMBER Container associated with the
master key.

V$DATABASE_KEY_INFO
Query the keys that are being used to encrypt the system, sysaux, temp,
and undo tablespaces. You will notice that when you query from the root
container, you get all the keys, and when you query from the pluggable
database, you get only the key information for the pluggable database.

syskm@orclroot > select encryptionalg,

2 masterkey_activated,
3 masterkeyid,

13
Chapter 1 Encryption

4 con_id
5* from v$database_key_info

ENCRYPT MAS MASTERKEYID CON_ID

------- --- -------------------------------- ----------
AES128  YES 8613EEC551AB4FB8BF38898D8989CBFB          1
NONE    NO  00000000000000000000000000000000          2
AES128  YES 4FE6A1BA0CFA4F50BF415F095E1A033A          3

r@orclpdb1 > select encryptionalg,

  2                     masterkey_activated,
  3                     masterkeyid,
  4                     con_id
  5  from v$database_key_info;

ENCRYPT MAS MASTERKEYID CON_ID

------- --- -------------------------------- ----------
AES128 YES 4FE6A1BA0CFA4F50BF415F095E1A033A 3

Here is a table of the relevant columns:

Column Type Description

ENCRYPTIONALG VARCHAR2(7) This is the encryption algorithm. The options

are as follows:
NONE
3DES168
AES128
AES192: Default Algorithm
AES256
ENCRYPTEDKEY RAW(48) The encrypted version of the database key.
MASTERKEYID RAW(16) The master key ID that was used to encrypt
the database key.
(continued)

14
Chapter 1 Encryption

Column Type Description

MASTERKEY_ VARCHAR2(3) The options are as follows:

ACTIVATED YES: The master key has been set for the
current container.
NO: The master key has not been set for the
current container.
CON_ID NUMBER Container ID the key is associated with.

Rekey a Table Key

Rekeying a table key is just as easy as rekeying the master key. Simply alter
the table with the rekey option.

orclpdb1 > alter table t rekey;

Table altered.

You can also change the encryption algorithm with the rekey option.
Use the rekey using <algorithm> option.

orclpdb1 > alter table t rekey using 'aes256';

Table altered.

Rekey a Tablespace
Rekeying a tablespace requires you know the name of the data files,
because you are going to need to use the FILE_NAME_CONVERT clause. The
first thing you are going to do is to get the file names for the data files. After
you have the file name, then execute the alter tablespace <tablespace>
encryption rekey command.

15
Exploring the Variety of Random
Documents with Different Content
All the shadows crowded around the mouth of the bag, and one
after another stooped and went in. There was none left but the
shadow of the old woman herself. She closed the bag, now bulging,
and flinging it over her shoulder she said to her own shadow,
“Hither, Skag, and lie down!”
Her shadow moved close to her, and spread itself out on the ground
with its feet to hers, growing longer as it did so, so that it became
no more than an ordinary shadow cast by the lamplight on the floor.
The old woman went to the lamp and blew out the light, and the
room was in darkness, except for the glimmer of the dying fire.
I flattened myself on the ground as the door opened and the old
woman came forth with her bag on her back. I could scarcely see
her, and in an instant she had disappeared in the darkness.

He Loses His Way in the Dark

I waited a moment or two, and then crawled cautiously in the
direction I thought she had taken; but there was nothing but the
blackness of deep night all round me, and I could not be sure of my
direction. I looked behind me, and I could not see any longer the
window I had just left. I had come from the ladder easily enough,
but it was plainly a different matter to get back. I crawled on
uncertainly, and stopped now and then; I had gone by this time
farther than I had come at first, but I found no wall. I must have lost
my way. I went on, and found myself going down a slope. I knew
that this could not be right, and I changed my course a little; but I
was still going down the slope, and I was afraid that I would be
utterly lost if I turned back.
The sound of rushing water came to my ears now. The slope grew
steeper, and I crawled more cautiously. The sound of water became
more distinct. The ground was suddenly slimy, and before I knew it I
was slipping down a steep descent, unable to stop myself. I slid and
slid, faster and faster, clutching the slimy ground and rolling over
and over; and as I was fainting with dizziness I shot off into space,
and came down with a splash into a torrent of deep water.
The stream hurled me away. I struggled against it, but it was too
swift. It was impossible to swim. I could do no more than keep my
head above water, and let the current fling me along into the
darkness. Tossed like a leaf, hurled against the walls of the stream,
scratched by the edges of rocks, bruised, bleeding, and half-
drowned, I almost lost consciousness, and scarcely knew anything
more until I felt myself lying on soft sand in shallow water. I looked
up, and saw above me a clear sky; the open sea was rolling toward
me on a beach, and the moon was glittering on the waves.
I tottered to my feet. I was so weak and sore that I could hardly
stand. When I was able to move, I walked forward toward the
ocean. The stream which had brought me spread out and lost itself
in the sand. At my feet the breakers came rushing up, and a strip of
beach lay at my right hand and my left, enclosed at the back and
sides by a high cliff. There was no way out except by climbing the
cliff. I shouted, hoping that the seal might be out there in the water,
but there was no response. I made up my mind that I would have to
climb the cliff.
It was a cruel task, for the cliff was steep, and there was scarcely
any foothold but an occasional rock and bush; but I never once
thought of discouragement, and I stuck to it with all my might. My
bare feet and my hands were torn by the rocks, but I kept on, up
and up, and in time I stood on the top. I hastened away along the
edge of the cliff, and came after a long walk to a place where the
cliff turned back shoreward; and there I looked down, and saw the
roofs of the village straggling up its hillside behind the cove.

He Hears the Voice of the Seal Again

I lay down and put my head out over the edge of the cliff, and at
that moment there came to me from the still water of the cove a
faint, sad voice, singing:
“O wonderful pancake batter!
O table and fork and plate!
I wonder whatever’s the matter,
That he keeps me waiting so late?
He said he was willing to serve us
Regardless of danger or pelf,
But I’m getting so dreadfully nervous
I really am scarcely myself.
O why does he loiter and linger
While I wait so sorry and sick?
Let him sever the Ragpicker’s finger
And do it almightily quick.
For then I shall sit at a table,
My napkin over my knees,
And tipple as long as I’m able,
And gobble as long as I please,
With plenty of good hot curry,
And plenty of custard pie,—
If he only would hurry, hurry!
O why does he linger, why?”
The voice stopped, and I rose to my feet and made off across the
moonlit fields.
“There used to be a baker at the castle,” said the Queen, “shortly
after I was married, who made up a great many very pretty songs.
The King used to say that he sang better than he baked. For my
part, I was very sorry to lose him. His niece was going to be married
in one of our villages, I forget which,—no, I believe it was a cousin;
I am almost sure it was his cousin, and I think it was the niece who
was looking after his mother while he was here, and she had to go
and keep house for the cousin after she was married, and that left
his mother all alone; so that he had to go back to his mother, and I
always thought he was such a good son to give up his place here at
the castle in order to take care of his poor old mother, and I’m sure
very few would have done it in his place; but I must say that the
next baker was very much better at gingerbread, though he never
made up any songs, and I think the King himself missed the first one
a good deal afterward, though he never would say so.”
“Go on!” cried Bojohn; and Solario proceeded.
I rose to my feet (said Alb) and made off across the fields. I found a
path which wound down to the village, and I was presently standing
in the street. All the storks were gone, probably within doors for the
night.
I set forth briskly to find the house of the One-Armed Sorcerer. I
realized that the stork with the necklace was the Princess herself,
and I knew that if she was to be saved from the Ragpicker I must
act quickly.
I remembered the gilded wooden arm and hand, holding a lantern,
which stood out from the one-armed man’s house, and it was only a
matter of time to find it. I found it sooner than I expected. A light
was burning dimly in the lantern, but the house was dark. There was
no stork upon the housetop. I tried the handle of the door quietly,
and to my surprise the door gave before me, and I pushed it open.

He Peeps into the Sorcerer’s Workshop

I found myself in a dark room, which I crossed quickly to a door at
the other side. This door I opened on a crack, and through the crack
I looked into a lighted room; a small room, evidently a workshop,
cluttered about with glass vessels of strange shapes, metal machines
of various sorts, wooden hoops curiously interlaced, charts of the
skies, and great, brass-bound books; and at one side of the room
was a forge and in the center a table.
Before this table was standing the one-armed man whom I had
already seen. On the table, the stork with the necklace was lying on
its side, perfectly still, and as I looked the old man plucked a feather
from the stork’s wing and examined it carefully. He then cast it aside
and plucked another, this time from the back. This also he tossed
away, after examining it, and he then plucked a feather from the
shoulder, and holding it up to the light gave a cry of pleasure, and
without turning said, “Come in, Alb, I have been expecting you.”
I stepped into the room, and the old man greeted me with a friendly
smile, and held up the feather.
“Do you see this?” said he.
I looked at it closely. At the point of the quill hung a single drop of
blood.
The stork on the table stirred uneasily. The sorcerer stroked it gently
and said, “Sleep!” and the stork lay perfectly still again.
“Wait a minute,” said the old man. “We must keep this drop from
falling off, and we must harden the point of the quill.”
He produced from a closet a metal box, and out of this he took a
small glass tube, covered with frost. He held the drop of blood for a
moment inside the tube, and then put the tube away in its box.
“Now,” said he, “the drop will not fall off.”
He went to the forge, and blowing up the coals with a pair of
bellows, he held the point of the quill for a moment in the fire.
“Now,” said he, “it is as hard as a pin.”
The One-Armed Sorcerer plucked a feather from the stork
“Sir,” said I, “will you tell me what this is for?”
“To save the Ragpicker from herself,” said the sorcerer.
“But it’s the Princess I have come to save,” said I.
“It is the same thing,” said the old man. “If the Ragpicker is saved
from herself, everybody else is saved too. And this drop of blood
from the Princess’s heart will do it, and nothing else.”
“I have seen the Ragpicker to-night, sir,” said I, “and I will tell you
about it.”
“Sit down, my son,” said the old man, and when we were seated I
told him all that I had seen and heard in the Ragpicker’s cavern.
The sorcerer shook his head and smiled. “And so she thinks I wish to
take away her shadows and let the people kill her! Well, well, it’s the
way of wickedness to see nothing but evil. Why should I wish her
harm? What I seek to do is to save her, not to destroy her; but she’ll
never believe that, because she can’t think straight. Anyway, in
trying to do evil she has provided me with the means of making her
good.”
“How has she done that?” said I.
“If she hadn’t stolen the Princess’s shadow, I shouldn’t have brought
the Princess here; and if I hadn’t brought the Princess here, she
wouldn’t now be a stork; and if she hadn’t been turned to a stork I
couldn’t have gotten the drop of blood from her heart.”
“Is it true,” said I, “that the Ragpicker protects herself with
shadows?”
“Of course! What could protect her better? What else is there to fear,
but shadows? I confess I’m more than half afraid of them myself. We
all know we shouldn’t be, but we are, just the same. They’re
perfectly harmless, but they’re terrible. There’s nothing so real as
shadows.”
“But tell me,” said I, “how we are to save the Princess.”
“All in good time,” said the sorcerer; “in the meantime, you must get
a little rest, for you have an important task to do in the morning.”
I was tired out, in fact. The sorcerer left me, and I sat beside the
sleeping stork, watching it in silence for a long while, and then I
surrendered myself to drowsiness, and fell asleep.
When I awoke, it was morning. The stork was gone, and the
sorcerer’s hand was on my shoulder.
“Come,” said he, and placed in my hand a tiny bow of thin metal,
with a string of fine hair, and showed me how to use the stork’s
feather as an arrow to the bow. He then instructed me in what I had
to do, and led me out into the street.
The stork which had been a Princess was standing on the curb
before the door, and all the other storks were in their places on the
housetops. The street was already busy; shops and houses were
being opened for the day and many people were outdoors.

He Lies in Wait with a Bow and Arrow

Carrying the stork’s feather and the bow, I went to the next corner,
round which on the evening before I had seen the Ragpicker turn up
toward her home. I passed this corner, and concealed myself in a
doorway just beyond.
I had not long to wait. I had drawn my head back into the doorway
for a moment, and when I looked again the Ragpicker was standing
at the street crossing with her back toward me, gazing in the
direction of the stork which stood before the sorcerer’s door. On her
back was her bag, and in her left hand she carried a knife. The
people in the street stopped to watch her, muttering together.
“Skag!” said she, “come in!” And she turned sidewise to her shadow,
which lay at a great length on the ground before her. It began to
shorten toward her, and kept shortening until it was no longer than
herself. “Stand up!” said she, and the shadow stood upright beside
her, a black, flat image of herself in outline, looking as if it had been
cut from stiff, black paper.
The Ragpicker let down the bag from her shoulder and opened it on
the ground and said “Come out!” And at this all the people gave a
cry of terror and fled into their houses and shut the doors, and all
the storks on the housetops fluttered their feathers and flapped their
wings.

The Ragpicker Releases the Shadows in the Street

Out of the bag poured shadows; hundreds of them; all the shadows
of little children which I had seen go into the bag the night before;
and as they poured out, they ran about in the street as if
bewildered.
“Skag!” said the Ragpicker. “To the fore!”
The old woman’s shadow hastened to the front of all the others and
raised its long poker finger, beckoning them to follow. They crowded
behind, and moved noiselessly up the street toward the stork at the
sorcerer’s door. The Ragpicker followed close behind, holding her
knife up in her left hand. The stork which was the Princess stood
motionless on the curb before the door. The sorcerer was not to be
seen.
Now was my time for action. I crept silently after the old woman,
and came up just behind her. I fitted the feather with its drop of
blood to the little bow, and as I approached the old woman so close
that I might have touched her, I aimed quickly at her back and let
the arrow fly. Straight into her back it darted, and stuck there fast.
“Skag!” she screamed, but she said no more.
Quick as a wink I plucked the feather from her back, and as I did so
she turned upon me with her knife uplifted. But she stood suddenly
still, her hand relaxed, and the knife fell to the ground. A change
came slowly over her. Her back straightened; she grew taller; the
wrinkles left her face; her skin became fairer, her eyes larger, her
hair longer; and there was standing before me in her place a
beautiful young damsel, tall and erect, with dark eyes in a pale face,
and two thick braids of brown hair hanging to her waist.
She held up her right hand and looked at it, and gave a cry of joy.
The long, black, hooked finger was gone. Her two hands were the
shapely white hands of a young woman, without blemish.
“Free!” she cried. “The enchantment is over! I am myself at last! Oh,
thanks, young man!” And she threw her arms around me and kissed
me soundly on the cheek.
I released myself, awkwardly enough, and as I did so I saw all the
shadows up the street fall flat to the ground, as if they had been
knocked over by a ball; and they began to slip swiftly away in every
direction across the pavement. In an instant Skag, the old
Ragpicker’s shadow, lay at the young woman’s feet. She screamed
and shrank away, but in another instant the shadow’s shape was
changed, and in its place on the ground was the shadow of the
young woman herself. She clapped her hands with joy.

A Singular Commotion on the Housetops

The shadows of the children were climbing the walls of the houses;
and all of a sudden I heard a great clamor from the housetops, as of
hundreds of children crying out together.
“We can’t get down! Oh, I’m falling! Help! I can’t hold on! Oh,
Mother! We can’t get down! I’m slipping! I’m going to fall! Hurry!
Mother! Come quick!”
I looked up, and there on the housetops, where the storks had been,
children were clinging to the chimney pots, straddling the ridgepoles,
hanging on to the gables, big children and little children, boys and
girls, shrieking out at the top of their voices, and struggling to keep
from toppling off into the street. One tiny boy suddenly disappeared
down a chimney; a big girl lost her hold and rolled down the roof
into a wide leaden gutter, where she hung, half on and half off.
Dozens of boys and girls sat astride the ridgepoles, as if riding
cockhorses. The big boys began to shout with glee, but the little
ones were crying with fright; and at the hubbub all the doors flew
open and all the fathers and mothers ran out, and when they saw
what it was, a mighty shout went up, and it wasn’t a minute before
a ladder stood against every wall, and not more than two minutes
before all the children were safe on the ground, hugged up in their
mothers’ and fathers’ arms, with such laughing and weeping and
cheering as never were, I am sure, in this world before.
“Oh, isn’t it wonderful!” cried the beautiful young woman. “I’m so
glad, so glad!”
“The Princess!” I cried. “Look at the Princess!”

The Princess Is Herself Again, but—

She was her own lovely self again, and she was standing at the
same place on the curb before the sorcerer’s house, and the sorcerer
himself was standing beside her. The young woman and myself ran
swiftly to her, and I shouted a joyous greeting as I approached; but
to my surprise, she did not reply.
She was standing perfectly motionless, with her eyes wide open, and
one hand raised to her neck as if about to unfasten her necklace. On
her shoulder, shown by the open neck of her dress, was a tiny spot
of blood.
The young woman kissed the sorcerer’s hand and thanked him.
“But the Princess!” I cried. “What is the matter with the Princess?”
The sorcerer shook his head sadly. “Somebody always has to pay for
these benefits,” said he, “and I’m afraid that when we plucked the
feather we took away something we cannot replace. She cannot
move nor speak. But I will set to work, and in time I will—”
“Come!” said the young woman. “I will help her! We must take her
home! Come at once!”
The sorcerer and myself lifted the Princess between us and carried
her down the street toward the cove. The village people and their
children followed us, and stood in a throng on the beach as we got
into a boat and hoisted a sail.
“Good-bye!” shouted the people, and the sorcerer and myself waved
our hands, none too cheerfully; and at that moment we heard a kind
of bark from the water beside the boat, and a voice cried, “Sister!” It
was the seal. The young woman leaned down toward him and cried,
“Brother!”
“Is everything all right now?” said the seal. “What are you going to
do about me?”
His sister raised the Princess and showed him the red mark on the
Princess’s shoulder, and told him about the plucking of the stork’s
feather. Then the seal’s sister said:
“For once you have done a good deed, brother; and if you’ll do
another—you know the promise!—two good deeds!—you will be free
too. Go! and do not return until you have brought that which will
cure the Princess. The milk of the White Walrus who lives in the Far-
Alone Grotto on the Twelfth Ice Floe! Do you understand?”
“It’s a pretty good trip,” said the seal, “and I’ll probably have to fight
the walruses. But if you say so, why I suppose— When do you think
I’d better start?”
“This instant!” cried his sister. “Off with you! And return to us at the
King’s castle at Ventamere.”
“Oh, very well,” said the seal, and dived. He came up again at the
mouth of the cove, making off at a great rate for the open sea....
We reached the King’s castle at Ventamere in the evening, and
pressed straightway into the Grand Refectory, where the King was at
supper with his court. As we entered, the whole company sprang up,
and my father ran toward me.

The King Beholds His Child and Is Grieved

The sorcerer and myself, carrying the Princess, stood her on her feet
and supported her thus between us, and the seal’s sister stood
beside us.
“My daughter!” cried the King, and rushing toward the Princess with
outstretched arms, stopped in amazement as she remained between
us as speechless and motionless as a statue.
I whispered rapidly into my father’s ear, and the sorcerer, kneeling
before the King, began to explain.
The King paid no attention to him, but placed a hand upon his
daughter’s arm and wept.
“My poor child!” he said. “What shall we do now?”
There was a movement at the door. A crowd of the castle people
poured into the room, and parting, opened a lane for a young man,
a stranger, who advanced rapidly from the door; a very fat young
man, with a round, pink face and round, blue eyes, who wore
hanging from his shoulders the skin and head of a seal.
“Brother!” cried the seal’s sister.
“Yes,” said the fat young man, “it’s me; and a pretty little time I’ve
had among the walruses, I can tell you;” and he bowed low at the
same time to the King.
“Have you some business with us, young sir?” said the King.
“Venison steak and hasty pudding,” said the fat young man, with his
eye on the supper table. “Oh; I beg your pardon. I am the milk
man.”
“Milk? We want no milk here,” said the King.
“It’s for the Princess,” said the fat young man. “To be taken
externally. Good for lumbago, rheumatism, sprains, chilblains,
strawberry rash—”
“What is this fellow talking about?” said the King, in exasperation.
“Brother!” said the young woman, his sister, fixing him sternly with
her eye.
“Rub a little on her shoulder,” said her brother. “Direct from the
White Walrus on the Twelfth Ice Floe, and the walruses nearly ate
me alive before I got it; but here it is. Excellent for all sorts of skin
and blood diseases, as well as—”
“Brother!” said the young woman, sternly.
“I beg your pardon,” said the fat young man; and with a very grand
manner he took out of his pocket an oyster shell, and pried it open
with a knife from the table. On the lower half of the shell was a
spoonful of white liquid.
The Seal Introduces His Liniment, Guaranteed to
Cure in All Cases
“Very convenient milk bottle,” said he; and waving the King aside he
stepped up to the Princess and went on pompously, as if he were
making a speech:
“I will now,” said he, “in the presence of the entire company, and
openly before you all, so that you may see that no deception is
practised upon you, apply a modicum of my liniment to the shoulder
of the young lady, at the point where I perceive a stain of red,
rubbing the same in gently thus, with a downward motion of the first
two fingers of the right hand, thus, and thus, and thus.”
He poured the white liquid from the shell on to the red spot on the
Princess’s shoulder, and rubbed it in gently, talking all the while.
“Now, ladies and gentlemen,” he went on, “I call your attention to
the effects of this lotion when properly applied. It is warranted to be
very efficacious in all cases of— But see; she lowers her hand; she
moves her foot; she speaks; she—”
“Father!” cried the Princess, and threw herself into her father’s arms.
“Hurrah!” I shouted, and all the company cheered, until the rafters
rang again.
“Let the castle people retire,” said the King, and he led the Princess
to the table, where he seated her at his right hand, wiping his eyes
and blowing his nose. When we were all at table, the sorcerer told
his tale, and not until he had heard it to the end would the King
permit the meal to proceed. I observed that the son of the assistant
carol singer was very attentive to the seal’s sister; and as for the fat
young man her brother,—during the repast, which lasted a full two
hours, he spoke not a word.
At the end the King begged him to relate the story of his
enchantment and his sister’s, and he readily consented; whereupon
he commenced, without being asked a second time,
THE STORY OF THE TALKING SEAL AND HIS SISTER

“You must know,” he began—

“I am very sorry,” said the Princess Dorobel, interrupting, “but it is
Bojohn’s bedtime, and I fear we shall have to hear this story another
time.”
“Oh, mother!” said Bojohn. “I couldn’t go to sleep if I tried. Please
don’t—”
“No, my dear,” said the Princess Dorobel, “not to-night. Pray go on
with Alb’s story, Solario.”
When the seal’s story was finished (said Alb), the King begged the
One-Armed Sorcerer to remain with him as his friend and adviser;
and this the sorcerer consented to do.
“And now,” said the King, turning to me, “what reward shall be
yours? I will deny you nothing.”
I knelt before him, and made my request boldly. I knew that my
whole future hung upon that moment.
“The hand of my lady Princess,” said I, “if she is willing.”
“What do you say, my dear?” said the King.
The Princess said nothing, but turned red as a rose, and buried her
head on her father’s shoulder. She was mine! I took her hand in
mine and kissed it.
“That’s settled,” said the King. “And you, sir,” said he to the fat young
man, “what gift shall I bestow upon you?”
“A little more of the custard pie, if you please,” said the fat young
man.
THE FIFTH NIGHT
THE CITY OF DEAD LEAVES

S OLARIO was sitting cross-legged on his worktable, and before

him, in a row, sat the Executioner, Bodkin, Bojohn, Prince Bilbo,
the Princess Dorobel, and the Queen.
“This time,” said Bojohn, “we want to hear the story of Montesango’s
Cave.”
Solario shook his head. “The story is too dreadful altogether,” said
he. “I fear you would lie awake all night if—”
“Then tell us about the Roving Griffin,” said Bodkin.
“Or the Blind Giant,” said Bojohn.
“I am very curious myself,” said the Princess Dorobel, “to hear the
story of the seal and his sister. What do you say, mother?”
“I remember very well,” said the Queen, dropping her knitting in her
lap, “I saw a seal once when I was a young girl, and a very curious
creature it was, too, I’m sure. I’ve never forgotten it, because I was
on my way to be married to your father,—of course he wasn’t your
father then, you know,—and I think the day I saw the seal was the
day your father was expected to meet us, or the day before, I can’t
be quite certain now, it’s so long ago; and we were waiting for him
by the seashore,—but no, we weren’t expecting him on that day,
because he had sent a messenger to say that he couldn’t start until
all the horses were shod, and the blacksmith was just getting over
the measles. I remember that messenger very well; a small, dark
man with a beard, by the name of—what was his name? Something
like Manniko, or Finnikin,—no, it was Tallboy. That was it. Tallboy. He
didn’t stay with the King very long after we were married, because
his sister’s youngest boy was taken down with the—”
“Grandmother!” said Bojohn. “Solario is waiting to go on.”
“Dear me,” said the Queen, “so he is. I’m glad I brought my knitting
with me to-night.”
“I am sure,” said Prince Bilbo, “we would all be glad to hear about
the seal and his sister.”
“Your will is my pleasure,” said Solario, very prettily, “and I will
therefore now commence the story of—”
Here there was a sharp cry from outside the room door.
“Let me in!” piped up a voice, loud and sharp as a whistle.
Mortimer the Executioner opened the door, and at first glance there
appeared to be no one there. But Bojohn cried out, “It’s the
Encourager!” And there, on the sill, was in fact the tiny figure of the
Encourager, no taller than a sparrow, carrying his umbrella folded
under his arm. He opened the umbrella, and leaping into the air
floated up with it to the Executioner’s shoulder, where, folding the
umbrella again, he stood bowing to the company.
“Dear me,” said the Queen, “I believe it’s the Encourager of the
Interrupter.”
“If there’s anything going on,” piped up the Encourager, in his shrill
voice, “I don’t want to be left out!”
“Then sit down, Mortimer,” said Prince Bilbo, “and let the Encourager
hear the story too.”
The Executioner seated himself, and the Encourager sat down on the
Executioner’s shoulder and gazed solemnly at Solario with his beady
black eyes.
“Ahem!” said Solario, clearing his throat and picking up his shears. “I
will now, with your majesty’s gracious permission, proceed with the
story as it was related to the assembled company at Ventamere by
the seal, and by Alb the Fortunate to myself. This, then, is

“THE STORY OF TUSH THE APOTHECARY, AND OF PARAVAINE HIS

SISTER.”

I must tell you (said the fat young man), that I am an apothecary,
and my name is Tush.
“We had a Lord Treasurer once,” interrupted the Queen, “whose
name was Filch. It seemed so odd.”
My name is Tush; and this damsel, my sister, who was lately a
Ragpicker, is known as Paravaine. So much for that. I now proceed
to the catastrophe which begins my tale, and I hope you will pardon
me if I pause at times to wipe away a tear.
We were left alone at an early age, my sister and myself, without
kith or kin, and we dwelt together in the city of our birth, the city of
Fadz—you have heard of Fadz? A seaport of the Kingdom of Wen, a
city of ships and conversation; and in that city we dwelt quietly
together, and there I kept my shop.
My sister, as you may see by looking at her, was beautiful in the
highest degree; and I am bound to admit to you that she was not a
little vain of her beauty, and prized admiration above all things in the
world. Regarding myself, I may say that I was considered to be quite
handsome, though a trifle fat.
In the art of inventing remedies I greatly excelled; and I would
beyond a doubt have succeeded in my profession, but that I was
much given to the making of songs and the tasting of rare dishes,
and these two occupations consumed the greater part of my days.
My sister, on her part, applied herself so diligently to the adornment
of her lovely person before the mirror, that she had scarcely time for
anything else. In consequence, my business and my house fell into
neglect; and another apothecary, a tuneless fellow in a neighboring
street, who knew not beef from mutton, took away all my trade. But
such is the fate of your true artist, the world over.
I forgot, in the application necessary for the composition of songs,
the foolish moneys which I chanced to owe here and there, and at
length (so dead to the finer things of life is the coarse mind of
trade), I could find no one who was willing to trust us any longer,
even for the meanest knuckle of the least respectable portion of a
pig. I burn with indignation when I think of it,—but I proceed.

The Misfortunes of Tush the Apothecary

I soon found out what monsters in the shape of men—However.
Certain churls, men of no character, no elevation, no refinement,—
forgive me; I am not quite myself; these men, if I may call them
men, to whom I owed, I believe, some trifling sums of no account,
came to my shop one morning in a body, fifteen or so; and if you
can believe a thing so monstrous, they seized, they tore away, they
loaded into oxcarts in the street, in the broad light of day, all the
goods of my shop and all the furnishings of my house. I wept, I
threatened, I raved; but all to no purpose. They answered never so
much as a word; they departed, and left my sister and myself
without so much as a chair to sit on, or one coin to jingle against
another.
“Now that,” said the Queen, “was going entirely too far. However did
they expect the poor man to sit down?”
One thing I entreated them to spare me, my Perfection Cream, a
salve or ointment of my own invention, warranted to relieve in all
cases of affliction of the skin; a remedy which I had compounded
many years before, and had tried once or twice on myself with good
results. Of this, having never sold any, I had on hand, in little jars, a
quite considerable quantity. They left me this, with contempt; and
my sister, observing it, begged them to spare to her of her own
possessions one thing only, her mirror, a handglass backed with blue
enamel, with a long handle of the same; and this also they granted,
not without a jeer.
We sat for a long time upon the barren floor; and then we rose, and
shaking the dust of the place from our feet, we departed, never to
return. In a pouch at my side I carried my Perfection Cream, and in
her hand my sister carried her blue mirror; and thus we went forth,
to try our fortunes in the world.
We sought the wharves, designing to take ship for some distant
clime; and we found, in fact, a vessel loading for a voyage. The
ship’s master was sitting on a bale, directing the porters, and I
addressed him politely, explaining our case. He shrugged his
shoulders and shook his head; but he happened to turn around and
catch sight of my sister, and his manner changed. He jumped to his
feet, bowed, and begged us to come aboard.
In effect, we sailed away. My heart was light again. The city faded
behind us, the sunlight sparkled on the waves; and I was none the
less happy because I had not the least idea where we were going. I
composed a song regarding life on the ocean wave, and sang it with
ecstasy, until my sister begged me to stop.
The master of the ship treated us with distinguished courtesy; I
could not help contrasting his conduct with that of the cold-blooded
men who had— But I resolved to think of them no more. I gave
myself up to the pleasures of the voyage.

They Find Themselves on an Unknown Shore

On the third day, when we were sailing offshore in a light breeze, my
sister came to me in tears. The master of the ship had demanded
that she marry him, as the price of our passage. I went to him at
once, and remonstrated with him patiently. It was no use. He was
set upon marrying my sister. We left the matter to Paravaine herself,
and she rejected the proposal with scorn. “You see!” said I, throwing
up my hands in despair. “Yes, I see,” said the mariner. “You wish to
go ashore. I will not detain you any longer.” The ship was brought in
closer to the shore, a boat was lowered, and my sister and myself (I
assure you the black-hearted scoundrel bowed to us politely to the
last)—my sister and myself were landed on a sandy beach, and the
ship sailed away.
“Now isn’t that a perfect shame,” said the Queen. “And such a nice
young man, too.”
We stood for a time in silence, petrified with despair. A vast, treeless
plain stretched away beyond the beach, far as the eye could see;
there was no human habitation anywhere. Not an ounce of food nor
a copper coin did we have between us,—nothing but my Perfection
Cream and my sister’s blue mirror. We were at our wits’ end.
“Let us sit down and think what we had better do,” said I, and I led
my sister to a brown rock embedded in the sand at no great
distance. It was a large rock, round and smooth, and we sat down
with our backs against it, gazing mournfully at the Great Sea, where
it sparkled in the sunlight. It was a beautiful sight, and I began to
think up a new song.
“I always used to say,” said the Queen, “that the sea was a very
pretty thing, but the King never could abide it. He used to get so
sick! And he finally declared he would never put his foot on a boat
as long as he— Dear me! I remember a sailor on one of our trips
who had a parrot that used to talk—Oh, dear! Such things as he did
say! Oh, dear! Oh, dear! When I think of them!”
“All right, grandmother,” said Bojohn. “Go on, Solario.”
As we sat there (said the fat young man) with our backs against the
brown rock, I amused myself by plucking away idly certain blades of
long brown grass which fringed the lower portion of the rock near
my hand; and these blades I twined, scarce thinking what I did, into
a ring of a size to fit a finger. Instead of putting it on my own finger,
I took my sister’s hand and placed the ring, jestingly, on the first
finger of her right hand.

The Startling Effect of Making a Ring of Grass

No sooner was this done than a kind of groan came from the rock.
The sand on which we sat heaved and shuddered. It rose beneath
us, and we were lifted slowly into the air; and when we were higher
than a man’s height above the ground we were thrown off on to the
beach, and we were looking up at a monstrous creature in the shape
of a man, who had risen up under us from beneath the sand. He
was chocolate brown in color, and he towered above us full seven
yards or more. The rock against which we had been sitting was, as
we now perceived, his head; he had been lying, no doubt asleep, on
his stomach under the sand, completely covered except for his head.
We had been sitting above his buried shoulders, and leaning against
the back of his head; and from this head, all bald but for a fringe of
hair at the bottom, I had plucked the hairs which I had thought were
grass.
“A genie!” I cried, and pulled my sister to her feet in fright.
The genie opened his mouth in a great yawn, and stretched his
mighty arms; and as he breathed out again, jets of flame shot from
his nostrils. He was bare, except for a wide cloth twisted around his
middle from waist to thigh, and in the waistband he wore a long,
curved scimitar, which flashed in the sun. He spread his hands out
before him and bowed low.
“Were you asleep in the sand?” said my sister, recovering her wits
first.
He bowed again.
“What do you want with us?” said my sister, becoming bolder.
“I await your commands,” said the genie, in a voice like the roaring
of a waterfall.
“Oh!” said my sister. “Is it the ring of hair on my finger? Is that it?”
He bowed again, extending his hands.
“Then please! please! take us away from here!” cried my sister.
“What is it you seek?” said the genie.
“We seek the best thing in the world!” cried my sister. “Take us
where we may find it!”
“What do you mean by the best thing in the world?” said I to my
sister.
“I don’t know,” said she; “but the genie ought to know, and he’ll
take us where we may find it. Won’t you?” said she, looking up at
him.
“Hearing is obedience!” said the genie, and little jets of fire spurted
from his nostrils.
“Where will you take us?” said I.
“I will take you where you may find the best thing in the world,” said
the genie. “And if you find it, it will be the best thing in the world for
me too, because it will release me from the power of the One-Armed
Sorcerer, who dwells in an island far out in the Great Sea. If you
don’t find it, it will be your own fault, and in that case,—beware!”
“This sounds pretty doubtful,” said I.
“No matter!” cried my sister. “We will find it. Take us there at once!”
The genie flew away with Tush and his sister

They Start Upon a Journey Through the Air

The genie stooped down over us, and under his right arm he
gathered me up, and under his left arm he gathered up my sister. He
stamped upon the earth so that it shook, and leaped into the air;
and in an instant we were soaring over the treeless plain, and I was
sick with dizziness. Higher and higher we mounted, with the speed
of an arrow; we seemed to be flying straight into the face of the
sun; I could no longer tell which was sea and which was plain below.
I closed my eyes.
It was a long time before I opened them again. We were lower, and
I could see the plain, flat and grassy, without a tree. The sun
declined, and still we kept our course; I thought we should soon be
at the end of the world; and still there were no trees anywhere on
the plain below us.
I ached in every limb; I cried out, but the genie did not hear me;
and when I was ready to faint with exhaustion his speed suddenly
relaxed, and I saw, at the edge of the horizon before me, what was,
or seemed to be, a city. And still there were no trees.
Scarcely a moment passed before the city rose in plain view; and
with a swoop the genie descended upon the earth, and we were
standing, all three of us, before a gate in the city wall, and my sister
was arranging her hair before her mirror.
A tall and muscular man stood beside the gate, as if on guard. He
was chocolate brown in color, and he was bare except for a wide
cloth twisted about his middle from waist to thigh, and in his right
hand he carried a scimitar, which flashed in the sunlight. I looked
around for the genie, but he was gone.
“What city is this?” said I to the Guardian of the Gate.
“It is the City of Dead Leaves,” said the man. “What do you seek in
the city?”
“We are seeking,” said my sister, “the best thing in the world. We
were told that we would find it here.”
“Ah!” said the Guardian, looking at my sister. “You are she who has
come to save the King’s brother. Come with me.”
He led the way through the gate, and we found ourselves in an alley
of high walls, along which we followed him for some distance,
coming out upon an open plot of grass, surrounded by the same
high walls in a circle. As we approached it, I smelled a familiar
fragrance, the fragrance of orange blossoms; and I thought with
some regret of the groves upon our slopes at home.
The Orange Tree and the Panther
In the center of this plot was an orange tree. It was green with
foliage and white with blossoms; the odor was delicious. Under the
tree, prowling stealthily around it, was a panther. I drew back in
alarm. “Do not go too close,” said our guide. “It is death to touch the
tree.”
I had no desire to approach that terrible beast, and we gave him a
wide berth as we proceeded around the rim of the grassplot to an
opening in the opposite wall. We passed through that opening into a
city street; a street of glass, as it seemed, for the front wall of every
house was made of glass; and within, in every case, was a kind of
storeroom, piled up with something which looked like dead leaves.
In the greater houses these rooms were piled quite full; in the
meaner there were only little mounds; but much or little, they
appeared to be on exhibition, as if in pride.
“The treasures of our people,” said the Guardian of the Gate. “Dead
orange leaves. Our most precious possession. The wealth and
station of each citizen are gauged by his store of dead leaves. It is of
course only proper to put them where they may be seen. But come;
the King’s brother awaits us.”
I nudged my sister. “The King’s brother!” I whispered. “Here is a
chance for you!” She smiled, and glanced into her mirror.
We wound through many streets of glass, and I observed that
besides glass the houses contained no material but stone and metal;
the absence of wood was very noticeable. We turned down a mean
street toward the city wall, and came out upon a common, strewn
with refuse of all kinds, and bounded on the further side by the wall.
A shelter of canvas leaned against the wall, and beneath this shelter,
on a pallet of straw, lay a man in rags. He raised himself on his
elbow and looked up at us.
“The King’s brother,” said our guide, and I started back in surprise.
They Come Upon the King’s Brother in Rags
He was a young man, and very ugly, but not unpleasant to look at;
indeed, his ugliness had something honest and winning in it; and if
he had not been so ragged, he might have made a passable
appearance. As it was, I laughed to myself at the thought of such a
fellow in connection with my beautiful sister.
The ugly young man stood up and bowed politely.
“Is it the first stranger?” said he to the Guardian of the Gate.
“It is,” said the Guardian.
“I am content,” said the young man, casting on my sister a look of
admiration.
“Fair lady,” he went on, dropping on one knee and taking her hand,
“if you are not pledged elsewhere, I beseech you to accept me as a
suitor for your hand. Stay; do not repulse me at my first word, but
hear me further, and take time to consider. I am the King’s younger
brother; and because I would not marry a lady of his choosing, he
has cast me out, swearing that I shall remain in this misery unless I
shall marry the first stranger who shall come to our gates. Oh,
fortunate hour that brought you here the first of all! I am poor; I do
not possess a single leaf; but I will devote myself to you loyally, and
I do not think you will regret it. I know, having seen you, that I
cannot live without you. Do not refuse me now, but at the end of a
week give me your answer.”
He kissed her hand fervently, and arose. I confess that I liked this
young man, but of course I could not think of marrying my sister to
one so utterly forlorn. I answered for her.
“In a week I will let you know,” said I, and drew my sister away.
“Before you go,” said he, “let me give you a warning. Look at my
hands.”
He held out his palms, and I saw that they were covered with a
rash, red and angry-looking. He rubbed his palms together, as if to
soothe an irritation.
“The itching palms!” said he. “I have handled the dead leaves all my
life; and because I have handled them my palms itch, itch, all day
and night, without ever a moment’s peace. I warn you not to touch
the dead leaves. The dead leaves of the orange tree; do not touch
them.”
“Very well,” said I, and with these words we left him.
The Guardian of the Gate, leading us back into the city streets,
turned and said:
“You have just had your first chance to gain the best thing in the
world. I will now give you your second. Be careful how you choose.”
We entered a street of shops; and I now noticed that the people
were, each of them, rubbing their palms together, as if to soothe an
intolerable itching.
I paused to look into one of the shops as we passed. The customers
within were handing over to the dealer, in return for his goods,
leaves, dead leaves, of the sort we had seen in the glass
showrooms; and whenever these dead leaves passed from hand to
hand, I remarked that the itching of the palm they touched became
more exasperating, so that the people were quite beside themselves,
and could not keep quiet on their feet; but the dealer nevertheless
received the dead leaves eagerly, and the others gave them up with
reluctance.
“These people are mad,” said I.
We joined a great rout of people, all rubbing their hands, who were
pouring down a street in the direction of an open square; and when
we reached it, we saw in the center, on a platform above the heads
of the crowd, a man in a robe, who was evidently about to read
from a paper held in his hand.
“Your second chance,” said the Guardian of the Gate. “I will leave
you to your choice. Be careful how you choose.”
He turned away, and disappeared in the crowd.
“Hear ye! Hear ye!” cried the man on the platform. “A message from
the King! Whereas the affliction of the itching palm has now become
so grievous that it can no longer be endured, the King now offers, to
such person as shall cure him, one-half of all the dead leaves in his
treasury! And to him also he promises one-half of all the dead leaves
belonging to each person whom he shall cure! The offer is open to
all! Be diligent! Thus saith the King!”
The messenger got down, and immediately there arose near the
platform a commotion, with much laughter, and those in that
neighborhood began to cry out:
“Way for the Lord Buffo! Make way for the wise Lord Buffo!”

A Dwarf Clad in Motley Stands up to Speak

A singular figure now mounted the platform, facing in our direction.
He was a dwarf, hunchbacked and thickset, with a very large head
set deep in his shoulders, and arms which hung to his knees. His
clothing was of squares of yellow and blue and green and orange,
and on his head he wore a paper crown, rimmed around at the top
with little bells. With his right hand he pulled up by a cord a small
monkey, dressed in all respects like himself; and in his other hand he
held the long tail feather of a cock.
“The King’s Fool,” said one of the bystanders in my ear.
The Fool waved the feather, and the crowd settled itself to listen.
“Hear ye! Hear ye!” he cried, in a loud, harsh voice.
At this the people shouted, “Go on, go on!”
The monkey leaped up on to the dwarf’s shoulder, and the dwarf
proceeded, with the greatest gravity.
“I, Buffo, chief counselor to his most gracious majesty, King
Fatchaps, do call upon you to hearken to the voice of Wisdom!”
“Wisdom! That’s good!” laughed the crowd,—never ceasing to rub
their palms and dance up and down the while.
“First I must tell you, my loyal subjects, that you are all mad. Do you
believe it?”
“Yes! yes! Of course!” shouted the crowd, still laughing.
“Give ear, and I will prove it to you! Thus! Answer me! Isn’t there
enough in our city for all, to feed you and clothe you and shelter you
and amuse you? Answer!”
“True!” cried many persons in the throng.
“Then why are there some among you who starve, and others who
cast out of their abundance to the dogs? Tell me that!”
No one replied.
“Because you are mad! With the itching palm! Look at you! You can’t
stand still on your feet! Rub, rub! Want in the midst of plenty!
Scratch, scratch! Some with too little and some with too much! Rub,
rub! And enough for everybody in reason! Scratch, scratch! All mad,
all mad! Rub, rub! Look at me—have I itching palms?” He held up
his hands, palms outward.
“No!” exclaimed several in the crowd.
“Tell me why! Tell me why! Because I touch not the dead leaves!
Isn’t it so?”
No one answered.
“Give ear, madmen, and I will reveal to you how to cure the itching
palm! Bring the dead orange leaves here to the square! Pile them
up! Burn them, burn them, burn them, every one! That’s it! Will you
give up the dead leaves?”
“No!” roared the people as if with one voice.
Welcome to our website – the ideal destination for book lovers and
knowledge seekers. With a mission to inspire endlessly, we offer a
vast collection of books, ranging from classic literary works to
specialized publications, self-development books, and children's
literature. Each book is a new journey of discovery, expanding
knowledge and enriching the soul of the reade

Our website is not just a platform for buying books, but a bridge
connecting readers to the timeless values of culture and wisdom. With
an elegant, user-friendly interface and an intelligent search system,
we are committed to providing a quick and convenient shopping
experience. Additionally, our special promotions and home delivery
services ensure that you save time and fully enjoy the joy of reading.