| Network data Encryption between oracle client adn server on unix [message #459218] |
Fri, 04 June 2010 00:55  |
wasimshaikh1985
Messages: 7
Registered: June 2010
Location: Mumbai
|
Junior Member |
|
|
Hi All,
We have an application that fetches and writes data into oracle database through pro c. oracle datyabase is on another server.
We are storing some secure information into oracle database so we want to encrypt the data sent by our aplication into oracle database.We do not want to use SSL(i.e certificates) and also do not want to make use of Advance Security Option available in oracle and also do not want to make any changes in sqlnet.ora file on server side.
Is there any way to acheive encryption of traffic between our application and Oracle database or any third party tool that can help us solve the problem.
Thanks in advance.
|
|
|
|
|
|
| Re: Network data Encryption between oracle client adn server on unix [message #459224 is a reply to message #459219] |
Fri, 04 June 2010 01:23  |
wasimshaikh1985
Messages: 7
Registered: June 2010
Location: Mumbai
|
Junior Member |
|
|
Thanks for you input.
I will explain you in detail:
Our application[MAIN application] is a form which has many applications[SUB APPLICATIONS] attached to it.
user has to just login to our MAIN application using user id and password, but for logging into SUB APPLICATION is a Single Sign On process which means user does not has to provide login credentials while accessing SUB APPLICATIONS. The user id and Password for this SUB APPLICATIONS is stored in oracle database, whenever user tries to Login to SUB APPLICATIONS these credentials are fetched from oracle databse.We want to encrypt this credentials.we cannot do encryption for SUB APPLICATIONS since user does not know the password for accessing these SUB APPLICATIONS.and these passwords for SUB APPLICATIONS are refreshed regularly by MAIN APPLICATION.
Thanks
|
|
|
|
|
|
|
|
|
|
| Re: Network data Encryption between oracle client adn server on unix [message #459238 is a reply to message #459232] |
Fri, 04 June 2010 02:07 |
 |
Michel Cadot
Messages: 68641
Registered: March 2007
Location: Nanterre, France, http://...
|
Senior Member
Account Moderator |
|
|
Quote:I want to protect the data that i am sending to oracle database from extrenal threat.as currently we are sending it in clear text format.
So you have only 2 options:
- encrypt the network
- encrypt the data in the application
If you don't want to use SSL or Oracle native network encryption, you cannot achieve the first one.
If you don't want or cannot change the application, you cannot achieve the second one.
Quote:we have an exe which works as client and sending some SQL statements as follows:
ALTER USER abc IDENTIFIED BY pwd;
NEVER use this statement to change a password, use the Oracle native change password function of your API that transmits the password encrypted.
Regards
Michel
[Updated on: Fri, 04 June 2010 04:27] Report message to a moderator |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
] 
Blog
Search
Help
Members
Register
Login
Home
