Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.misc -> Re: SQL*net and secuity
A minor correction. ANO uses CyberSafe for authentication only. Encryption is
performed by specific encryption adapters (RC4 and DES). However, encryption
adapters are included as part of ANO so nothing else has to be purchased.
Rick Rick Wessman Security and Directory Technologies Server Technologies Oracle Corporation rwessman_at_us.oracle.com
David Margrave <david.margrave_at_cybersafe.com> writes:
> Brian,
>
> If security is a major consideration, I'd suggest taking a look at Oracle
> Advanced Networking Option. CyberSafe is one of the supported 3rd party
> authentication adapters, we provice for secure kerberos authentication,
> exchanging a shared session key, and optionally enabling ANO to encrypt
> the entire session. In addition to enhanced security, there's also an
> ease of use benefit since you're authentication with kerberos credentials
> and not by entering your username/password.
>
> David Margrave
> Senior Research Engineer
> CyberSafe Corporation
> david.margrave_at_cybersafe.com
> http://www.cybersafe.com
>
>
> Brian Cameron wrote:
>
> > Hi,
> >
> > We are looking at implementing sql*net access to some of our
> > administrative systems and I have heard varying comments about
> > SQL*Net and secuirty issues. eg
> >
> > "user names and password are passed over a network as clear text and is
> > able to be accessed by a network sniffer"
> >
> > I would like to throw open discussion on SQL*Net and secuity to gater
> > information.
> >
> > Any feedback or pointers to related information would be appreciated.
> >
> > TIA
> >
> > Brian
> >
> > bcamero5_at_metz.une.edu.au
>
Received on Thu Nov 05 1998 - 09:31:55 CST