docs(notes): add oracle, mysql, and websphere docs

Author: lzwjava

notes/2025-03-25-oracle-account-en.md

@@ -0,0 +1,145 @@
+---
+title: Oracle Database - User Account
+lang: en
+layout: post
+audio: false
+translated: false
+generated: true
+---
+
+The `ORA-28000: The account is locked` error occurs when attempting to connect to an Oracle database (e.g., via a thin JDBC driver) and the user account you’re trying to use has been locked. This typically happens due to too many failed login attempts, manual locking by an administrator, or an account expiration policy. To resolve this, you need to unlock the account, and if necessary, reset the password or check the account status. Below are the steps to fix this issue when connecting to an Oracle database.
+
+---
+
+### Steps to Fix ORA-28000
+
+#### 1. **Verify the Error**
+   When you encounter this error in a JDBC connection, it might look like this:
+   ```
+   java.sql.SQLException: ORA-28000: The account is locked
+   ```
+   This confirms the issue is with the database account, not the JDBC configuration itself (e.g., URL, driver, or WebSphere datasource settings).
+
+#### 2. **Log in as a Privileged User**
+   To unlock the account, you need access to a database user with administrative privileges (e.g., `SYS`, `SYSTEM`, or a user with `DBA` role). Connect to the database using a tool like SQL*Plus, SQL Developer, or a JDBC client:
+   ```bash
+   sqlplus / as sysdba
+   ```
+   OR
+   ```bash
+   sqlplus system/<password>@<service_name>
+   ```
+   Replace `<password>` and `<service_name>` with your actual credentials and database service name (e.g., `ORCL`).
+
+#### 3. **Check the Account Status**
+   Run the following SQL query to check the status of the locked account:
+   ```sql
+   SELECT username, account_status, lock_date 
+   FROM dba_users 
+   WHERE username = 'YOUR_USERNAME';
+   ```
+   - Replace `YOUR_USERNAME` with the username you’re trying to connect with (e.g., `myuser`).
+   - Look at the `ACCOUNT_STATUS` column. If it says `LOCKED` or `LOCKED(TIMED)`, the account is locked.
+
+   Example output:
+   ```
+   USERNAME   ACCOUNT_STATUS   LOCK_DATE
+   ---------- ---------------- -------------------
+   MYUSER     LOCKED           24-MAR-25 10:00:00
+   ```
+
+#### 4. **Unlock the Account**
+   To unlock the account, execute this SQL command as the privileged user:
+   ```sql
+   ALTER USER your_username ACCOUNT UNLOCK;
+   ```
+   Example:
+   ```sql
+   ALTER USER myuser ACCOUNT UNLOCK;
+   ```
+
+#### 5. **(Optional) Reset the Password**
+   If the password might have expired or you suspect it’s incorrect, reset it while you’re at it:
+   ```sql
+   ALTER USER your_username IDENTIFIED BY new_password;
+   ```
+   Example:
+   ```sql
+   ALTER USER myuser IDENTIFIED BY mynewpass123;
+   ```
+   - After resetting, update the password in your WebSphere `server.xml` (or wherever the JDBC datasource is configured) and re-encrypt it if necessary (see your previous question for AES encoding steps).
+
+#### 6. **Commit Changes (If Required)**
+   In most cases, `ALTER USER` commands take effect immediately and don’t require a `COMMIT`. However, if you’re in a transaction-heavy environment, ensure no rollback occurs by restarting the session or the database if needed.
+
+#### 7. **Test the Connection**
+   Try connecting again using your JDBC application or a simple test:
+   ```java
+   import java.sql.Connection;
+   import java.sql.DriverManager;
+
+   public class TestJDBC {
+       public static void main(String[] args) throws Exception {
+           String url = "jdbc:oracle:thin:@//localhost:1521/ORCL";
+           String user = "myuser";
+           String password = "mynewpass123";
+           Connection conn = DriverManager.getConnection(url, user, password);
+           System.out.println("Connection successful!");
+           conn.close();
+       }
+   }
+   ```
+   - Update the `url`, `user`, and `password` to match your environment.
+   - If this works, update your WebSphere datasource configuration accordingly.
+
+#### 8. **Check for Profile Policies (Prevent Future Locks)**
+   The account might have locked due to a security policy in the user’s profile (e.g., `FAILED_LOGIN_ATTEMPTS` or `PASSWORD_LOCK_TIME`). Check the profile assigned to the user:
+   ```sql
+   SELECT profile 
+   FROM dba_users 
+   WHERE username = 'YOUR_USERNAME';
+   ```
+   Then, inspect the profile’s limits:
+   ```sql
+   SELECT resource_name, limit 
+   FROM dba_profiles 
+   WHERE profile = 'YOUR_PROFILE_NAME';
+   ```
+   Look for:
+   - `FAILED_LOGIN_ATTEMPTS`: Number of failed attempts before locking (e.g., `10`).
+   - `PASSWORD_LOCK_TIME`: Duration of the lock (e.g., `1` day).
+
+   To relax these settings (if appropriate), modify the profile:
+   ```sql
+   ALTER PROFILE your_profile_name LIMIT 
+       FAILED_LOGIN_ATTEMPTS UNLIMITED 
+       PASSWORD_LOCK_TIME UNLIMITED;
+   ```
+   Example:
+   ```sql
+   ALTER PROFILE DEFAULT LIMIT FAILED_LOGIN_ATTEMPTS UNLIMITED;
+   ```
+
+#### 9. **Restart WebSphere (If Needed)**
+   If you’re using WebSphere and updated the datasource password, restart the application server to ensure the changes take effect:
+   - For Liberty: `./bin/server stop` and `./bin/server start`.
+   - For traditional WebSphere: Use the Admin Console or `stopServer.sh`/`startServer.sh`.
+
+---
+
+### Common Causes of ORA-28000
+- **Too Many Failed Login Attempts**: Check application logs or WebSphere logs (e.g., `SystemOut.log`) for prior connection errors.
+- **Manual Lock**: An admin might have locked the account intentionally (`ALTER USER myuser ACCOUNT LOCK`).
+- **Expired Account**: Some environments lock accounts when passwords expire. Check `EXPIRY_DATE` in `dba_users`.
+
+---
+
+### Troubleshooting Tips
+- If you don’t have `SYS` or `SYSTEM` access, contact your database administrator to unlock the account.
+- Ensure the JDBC URL, username, and password in `server.xml` are correct before retrying.
+- If the issue persists, verify the Oracle listener is running:
+  ```bash
+  lsnrctl status
+  ```
+
+Let me know if you encounter additional errors or need help with a specific step!

notes/2025-03-25-oracle-mysql-en.md

@@ -0,0 +1,86 @@
+---
+title: General Differences Between Oracle DB and MySQL
+lang: en
+layout: post
+audio: false
+translated: false
+generated: true
+---
+
+Oracle Database and MySQL are both powerful relational database management systems (RDBMS), but they differ significantly in architecture, features, and use cases. Below, I’ll outline their general differences and then dive into how they compare in terms of schema design and database design.
+
+1. **Ownership and Licensing**:
+   - **Oracle DB**: A commercial product owned by Oracle Corporation. It’s enterprise-grade, with licensing costs that can be substantial, though it offers a free tier (Oracle Database Express Edition).
+   - **MySQL**: Open-source under the GNU General Public License, with a community edition that’s free. There’s also a commercial version supported by Oracle Corporation, but it’s far less expensive than Oracle DB.
+
+2. **Performance and Scalability**:
+   - **Oracle DB**: Designed for high-performance, large-scale enterprise applications. It excels in handling complex transactions, massive datasets, and high concurrency.
+   - **MySQL**: Lightweight and optimized for simpler, web-based applications. It scales well horizontally (e.g., with replication), but it’s less suited for extremely complex enterprise workloads compared to Oracle.
+
+3. **Features**:
+   - **Oracle DB**: Offers advanced features like Real Application Clusters (RAC) for high availability, partitioning, advanced analytics, and extensive security options.
+   - **MySQL**: Simpler feature set, focusing on ease of use, speed, and replication. It supports fewer advanced enterprise features out of the box but has plugins/extensions (e.g., InnoDB for transactions).
+
+4. **Architecture**:
+   - **Oracle DB**: Multi-process, multi-threaded architecture with a shared-everything design (memory and disk). Highly configurable.
+   - **MySQL**: Simpler, multi-threaded architecture, typically using a shared-nothing design in replication setups. Less configurable but easier to set up.
+
+5. **Use Case**:
+   - **Oracle DB**: Preferred for mission-critical enterprise systems (e.g., banking, telecom).
+   - **MySQL**: Popular for web applications, startups, and small-to-medium-sized businesses (e.g., WordPress, e-commerce platforms).
+
+---
+
+### Schema Design and Database Design Differences
+
+Schema design and database design refer to how data is structured, stored, and managed within the database. Here’s how Oracle DB and MySQL differ in these areas:
+
+#### 1. **Data Types**:
+   - **Oracle DB**: Offers a richer set of data types, including proprietary ones like `VARCHAR2` (preferred over `VARCHAR`), `CLOB` (Character Large Object), `BLOB` (Binary Large Object), and `RAW`. It also supports user-defined types and object-relational features.
+   - **MySQL**: Has a simpler, more standard set of data types (e.g., `VARCHAR`, `TEXT`, `BLOB`, `INT`). It lacks some of Oracle’s advanced or proprietary types but supports JSON and spatial data types in newer versions.
+
+   **Impact on Design**: Oracle’s flexibility with data types allows for more complex schema designs, especially in applications requiring custom objects or large binary data. MySQL’s simpler types favor straightforward designs.
+
+#### 2. **Schema Structure**:
+   - **Oracle DB**: Uses a schema tied to a user by default (e.g., each user has their own schema). It supports multiple schemas within a single database instance, making it ideal for multi-tenant applications. You can also create tablespaces for physical storage management.
+   - **MySQL**: Treats a "database" as a schema (one database = one schema). Multiple databases can exist on a server, but they’re logically separate, with no inherent multi-tenant structure like Oracle’s schemas.
+
+   **Impact on Design**: Oracle’s schema-user model and tablespaces allow for more granular control over data organization and storage, which is useful for complex systems. MySQL’s simpler database-per-schema approach is easier for smaller, isolated applications.
+
+#### 3. **Constraints and Integrity**:
+   - **Oracle DB**: Enforces strict data integrity with extensive support for primary keys, foreign keys, unique constraints, and check constraints. It also supports deferred constraints (checked at commit time rather than immediately).
+   - **MySQL**: Supports similar constraints, but enforcement depends on the storage engine (e.g., InnoDB supports foreign keys, MyISAM does not). Deferred constraints are not natively supported.
+
+   **Impact on Design**: Oracle’s robust constraint system suits designs requiring high data integrity (e.g., financial systems). MySQL’s flexibility with engines allows trade-offs between speed and integrity, affecting schema complexity.
+
+#### 4. **Indexing**:
+   - **Oracle DB**: Offers advanced indexing options like B-tree, bitmap, function-based, and domain indexes. It also supports index-organized tables (IOTs) where the table itself is an index.
+   - **MySQL**: Primarily uses B-tree indexes (InnoDB) and full-text indexes (MyISAM). Fewer advanced options but sufficient for most web-scale needs.
+
+   **Impact on Design**: Oracle’s indexing capabilities allow for optimized performance in complex queries, influencing schema design toward normalized structures. MySQL’s simpler indexing may push designs toward denormalization for performance.
+
+#### 5. **Partitioning**:
+   - **Oracle DB**: Native support for partitioning (range, list, hash, composite) at the table and index level, improving performance and manageability for large datasets.
+   - **MySQL**: Introduced partitioning later (range, list, hash, key), but it’s less mature and not as widely used. It’s also engine-dependent (e.g., InnoDB only).
+
+   **Impact on Design**: Oracle’s partitioning encourages designs that split large tables for scalability, while MySQL’s limitations might lead to simpler, smaller tables or reliance on sharding.
+
+#### 6. **Transactions and Concurrency**:
+   - **Oracle DB**: Uses multi-version concurrency control (MVCC) with a "read-consistent" model, avoiding dirty reads entirely. Supports complex, long-running transactions.
+   - **MySQL**: Also uses MVCC (with InnoDB), but concurrency control varies by engine. MyISAM, for example, uses table-level locking, which can limit concurrency.
+
+   **Impact on Design**: Oracle’s transaction model supports intricate designs with heavy relational dependencies. MySQL’s engine variability might influence designers to prioritize simplicity or choose InnoDB for transactional integrity.
+
+#### 7. **Stored Procedures and Triggers**:
+   - **Oracle DB**: Robust support for PL/SQL, a powerful procedural language for stored procedures, functions, and triggers. It’s deeply integrated into the database.
+   - **MySQL**: Supports stored procedures and triggers in a simpler SQL-based language, but it’s less feature-rich than PL/SQL.
+
+   **Impact on Design**: Oracle’s PL/SQL encourages embedding business logic in the database, affecting schema complexity. MySQL’s lighter approach pushes logic to the application layer.
+
+---
+
+### Summary for Schema/Database Design
+- **Oracle DB**: Suited for complex, highly relational, and normalized designs with advanced features like partitioning, custom types, and strict integrity. It’s ideal for enterprise systems where scalability, performance, and control are paramount.
+- **MySQL**: Favors simpler, often denormalized designs for speed and ease of use. It’s better for applications where rapid development and lightweight deployment trump advanced features.
+
+If you’re designing a schema, Oracle gives you more tools to optimize and fine-tune, while MySQL keeps things lean and straightforward. The choice depends on your project’s scale, budget, and complexity requirements. Let me know if you’d like examples of schema designs for either!

notes/2025-03-25-websphere-aes-en.md

@@ -0,0 +1,91 @@
+---
+title: Websphere AES Password
+lang: en
+layout: post
+audio: false
+translated: false
+generated: true
+---
+
+In WebSphere Application Server, passwords in configuration files like `server.xml` (for Liberty) or other XML configuration files (e.g., `resources.xml`, `security.xml` in traditional WebSphere) are often encrypted using AES (Advanced Encryption Standard) when security utilities are employed. If the password in your `server.xml` file for an Oracle JDBC datasource is in AES-encrypted format, it typically appears with an `{aes}` prefix, such as `{aes}YSPuwMQqjeo/DlSNYnUZ3E6z6WLVmEaAtDmMaFg6JCY=`. To decode this password, you need to use WebSphere's built-in tools or APIs, as the encryption is tied to a specific encryption key managed by the server.
+
+Here’s how you can decode an AES-encrypted password from a WebSphere `server.xml` file:
+
+### Steps to Decode the Password
+
+1. **Understand the Encryption Context**  
+   WebSphere Liberty (and traditional WebSphere) uses an encryption key stored in the server's configuration to encrypt and decrypt sensitive data like passwords. In Liberty, this key is typically managed via the `securityUtility` tool or embedded in the server's configuration. The AES-encrypted password cannot be decrypted without access to this key, which is unique to the WebSphere instance.
+
+2. **Locate the Encrypted Password**  
+   In your `server.xml` file, find the Oracle JDBC datasource configuration. It might look something like this:
+   ```xml
+   <dataSource id="oracleDS" jndiName="jdbc/oracleDS">
+       <jdbcDriver libraryRef="OracleLib"/>
+       <properties.oracle url="jdbc:oracle:thin:@//localhost:1521/ORCL" 
+                       user="myuser" 
+                       password="{aes}YSPuwMQqjeo/DlSNYnUZ3E6z6WLVmEaAtDmMaFg6JCY="/>
+   </dataSource>
+   ```
+   The `password` attribute contains the AES-encrypted value.
+
+3. **Use WebSphere Liberty’s `securityUtility` Tool**  
+   WebSphere Liberty provides the `securityUtility` command-line tool to encode and decode passwords. To decode an AES-encrypted password:
+   - Navigate to your WebSphere Liberty installation directory (e.g., `/opt/ibm/wlp`).
+   - Run the `securityUtility` command with the `decode` option:
+     ```bash
+     bin/securityUtility decode --encoding=aes "YSPuwMQqjeo/DlSNYnUZ3E6z6WLVmEaAtDmMaFg6JCY="
+     ```
+   - **Important Note**: You must run this command from the specific Liberty server instance where the password was originally encrypted, as it relies on the server’s encryption key (stored in files like `bootstrap.properties` or `server.xml` under the `keyStore` configuration). If the key has been customized, you may need to specify the `--key` parameter with the encryption key value.
+
+   If successful, the tool will output the decrypted password.
+
+4. **Alternative: Use a Java Program with WebSphere APIs**  
+   If you’re working with a traditional WebSphere Application Server or need programmatic access, you can use the `com.ibm.websphere.crypto.PasswordUtil` class to decode the password. Here’s an example:
+   ```java
+   import com.ibm.websphere.crypto.PasswordUtil;
+
+   public class DecodePassword {
+       public static void main(String[] args) {
+           String encodedPassword = "{aes}YSPuwMQqjeo/DlSNYnUZ3E6z6WLVmEaAtDmMaFg6JCY=";
+           try {
+               String decodedPassword = PasswordUtil.decode(encodedPassword);
+               System.out.println("Decoded Password: " + decodedPassword);
+           } catch (Exception e) {
+               System.err.println("Error decoding password: " + e.getMessage());
+           }
+       }
+   }
+   ```
+   - **Requirements**: 
+     - This must be run in an environment with WebSphere libraries (e.g., `ws_runtime.jar`) in the classpath.
+     - The program must execute within the WebSphere server context or have access to the encryption key used by the server.
+     - For traditional WebSphere, you can find the required JARs in `<WAS_HOME>/AppServer/plugins/`.
+
+5. **Handling Key Management**  
+   - In Liberty, the default AES key is derived from the server’s configuration. If a custom key was used (e.g., specified in `server.xml` via `<variable name="wlp.password.encryption.key" value="yourCustomKey"/>`), you’ll need to provide it to the `securityUtility` tool or your Java code.
+   - In traditional WebSphere, the encryption key is tied to the `SerializedSystemIni` service, and decoding must occur within the server’s runtime environment.
+
+6. **Verify the Decoded Password**  
+   Once decoded, test the password by connecting to the Oracle database using a tool like SQL*Plus or a simple JDBC test program to ensure it works:
+   ```java
+   import java.sql.Connection;
+   import java.sql.DriverManager;
+
+   public class TestJDBC {
+       public static void main(String[] args) throws Exception {
+           String url = "jdbc:oracle:thin:@//localhost:1521/ORCL";
+           String user = "myuser";
+           String password = "decoded_password_here";
+           Connection conn = DriverManager.getConnection(url, user, password);
+           System.out.println("Connection successful!");
+           conn.close();
+       }
+   }
+   ```
+
+### Key Considerations
+- **Security**: Decoding passwords exposes sensitive information, so perform this operation in a secure environment and avoid logging or storing the plaintext password unnecessarily.
+- **Server-Specific Encryption**: The AES encryption is tied to the specific WebSphere instance. You cannot decode the password on a different server unless you replicate the encryption key and configuration.
+- **Liberty vs. Traditional WebSphere**: The process differs slightly between Liberty and traditional WebSphere. Liberty relies on `securityUtility`, while traditional WebSphere often uses the `PasswordDecoder` class or similar utilities.
+
+If you’re unable to decode the password (e.g., due to missing keys or incorrect server context), you may need to re-encrypt a new password using the same WebSphere instance and update the `server.xml` file accordingly. Let me know if you need further assistance with your specific setup!