Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.tools -> Re: SQL*Net
Altho' I haven't looked into it, isn't there a 'Trusted Oracle' version that is high security?
"Max7" <joan_toh_at_hotmail.com> wrote:
>This posting seems interesting. Since SQL net transmit clear text to the OS
>for authenication, is there any way to harden this?
>
>"Sybrand Bakker" <postbus_at_sybrandb.demon.nl> wrote in message
>news:tg2sq091igi574_at_beta-news.demon.nl...
>>
>> "TurkBear" <noone_at_nowhere.com> wrote in message
>> news:5km2gt8s1f5j9kl9i719dl3q3s2a5cdgqf_at_4ax.com...
>> > The database does the authentication ( or you can set it up to do OS
>> > authentication ) at its end, not at the client...I believe, however, the
SqlNet
>> > transmits its login info ( username, password, servicename ) over the
network in
>> > clear text, so 'sniffers' may be able to see it..
>> >
>> > "Wanghin" <whtoh_at_deloitte.com.sg> wrote:
>> >
>> > >Hi,
>> > >I was wondering how will installation of SQL*Net on the client affect
the
>> > >security of the access to the oracle database?
>> > >
>> > >Heard from someone that sql*net does not authenicate users when they
try
to
>> > >connect from client side.
>> > >
>> > >thanks in advance.
>> > >
>> >
>>
>> Yeah, it does. But the Enterprise Edition comes with the Advanced
Networking
>> Option, which will allow you to encrypt *everything* (including your
data),
>> using various well-known protocols.
>> So there shouldn't be any concern about sqlnet, provided you want to spend
>> the $$.
>>
>> Regards,
>>
>> Sybrand Bakker, Oracle DBA
>>
>>
>>
>
Received on Thu May 17 2001 - 11:59:13 CDT