Re: Compliance and SSL/TLS Encryption on ODA

Hi Rob,

To be totally safe, you should use PROTOCOL=IPC. I know you said you had a requirement to use PROTOCOL=TCP. Doing so, with the host's IP address, will surely mean the data will need to go across your TCP connection. What I'm not certain about, is whether using localhost (127.0.0.1) instead of actual host IP will do any real good.

If using PROTOCOL=TCP w/ localhost, I'm not sure how many "shortcuts" the Linux kernel includes (if any), to attempt to avoid actually touching the TCP stack.

Obviously, PROTOCOL=IPC is what you really want to use. If you can't, the next fastest would be PROTOCOL=TCP w/ localhost, but from a compliance point of view, I don't know enough about Linux kernel internals to confirm whether or not you're compliant.

-Mark

On Sat, Oct 17, 2020 at 11:05 AM Robert Karch <rkarch_at_teleran.com> wrote:

> I am working with an ODA customer who has a compliance requirement to
> encrypt data on the wire. They have some applications running on the ODA
> server that they would prefer not to have the overhead of encryption and
> decryption. They also want these applications connecting to the Oracle
> listener using TCP/IP. The question that they have is if the application is
> running on the ODA host, and connecting to a TCP listener port, is the
> passed data only available in memory (and therefore still in compliance) or
> is there some possibility of leakage into the network?
>
>
>
> Kindest Regards,
>
>
>
> Rob Karch
>
> Software Architect
>
> Teleran Technologies, Inc.
>
> “Understanding Usage Is Everything”
>
>
>

--
http://www.freelists.org/webpage/oracle-l