Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Mailing Lists -> Oracle-L -> RE: internet secure solutions

RE: internet secure solutions

From: Orr, Steve <>
Date: Fri, 09 Jan 2004 11:44:35 -0800
Message-ID: <>

Is all SQL*Net traffic between the app server and the database server? In other words, is all traffic secure where packets cannot be sniffed? Or do you need to encrypt the SQL query result set data going from the server to an unknown client? I believe that's what Oracle Advanced Security gives you.

If you just want to limit access to the database server and you're using tcp you can put the following entries into the $ORACLE_HOME/network/admin/sqlnet.ora file: TCP.VALIDNODE_CHECKING=yes
TCP.INVITED_NODES=(,mydbaworkstation.mycompay.c om)

Regardless of Oracle implementation, isn't a firewall a mandatory part of the equasion?

Steve Orr
Bozeman, Montana  

-----Original Message-----
Sent: Friday, January 09, 2004 11:29 AM
To: Multiple recipients of list ORACLE-L

Running Oracle 9i and Solaris 2.9.

It appears to me that the solution can be hardware based or Oracle based then. Which brings up questions about cost versus administration versus reliability. Hmmm.

-----Original Message-----
Paul Drake
Sent: Friday, January 09, 2004 12:49 PM
To: Multiple recipients of list ORACLE-L


how about some OS and database server version info? It wouldn't surprise me if SysAdmin Mag has an article on exactly this.

Will more than just OracleNet traffic need to be encrypted? If so, then an ssh tunnel (or some other vpn solution) might make more sense.

One method is entirely physical:

private network (non-virtual)
additional NICs + crossover cable

but that would require that you run a firewall on the server housing the database, as the application server is in an untrusted network. As it circumvents the existing firewall, it could get you fired for violating the site security policy, so it isn't necessarily a good solution. But its one worth considering.

I really like using dedicated point to point connections between app server and database server where both servers have dual integrated gigabit cards, no one has coughed up the funds for switched gigabit ethernet ports and one of the integrated gigabit nics is unused (for a fat client/server app). but it does not scale for several hosts.


Please see the official ORACLE-L FAQ:
Author: Orr, Steve

Fat City Network Services    -- 858-538-5051
San Diego, California        -- Mailing list and web hosting services
To REMOVE yourself from this mailing list, send an E-Mail message
to: (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Fri Jan 09 2004 - 13:44:35 CST

Original text of this message