| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.tools -> Re: SQL*Net
A copy of this was sent to TurkBear <noone_at_nowhere.com> (if that email address didn't require changing) On Thu, 17 May 2001 11:59:13 -0500, you wrote:
>
>Altho' I haven't looked into it, isn't there a 'Trusted Oracle' version that is
>high security?
>
>"Max7" <joan_toh_at_hotmail.com> wrote:
>
>>This posting seems interesting. Since SQL net transmit clear text to the OS
>>for authenication, is there any way to harden this?
>>
passwords during logon are sent encrypted. They are not transmitted in the clear. repeat: passwords are sent encrypted. everything else is sent in the clear.
There is an option, Advanced Networking, that does full data stream encryption -- so the queries and the data are encrypted as well.
Trusted Oracle, last version was 7.2, has been replaced by Oracle Label Security (implemented with fine grained access control) in later releases. It didn't encrypt data- just protected it from prying eyes at the DML level.
>>"Sybrand Bakker" <postbus_at_sybrandb.demon.nl> wrote in message
>>news:tg2sq091igi574_at_beta-news.demon.nl...
>>>
>>> "TurkBear" <noone_at_nowhere.com> wrote in message
>>> news:5km2gt8s1f5j9kl9i719dl3q3s2a5cdgqf_at_4ax.com...
>>> > The database does the authentication ( or you can set it up to do OS
>>> > authentication ) at its end, not at the client...I believe, however, the
SqlNet
>>> > transmits its login info ( username, password, servicename ) over the
network in
>>> > clear text, so 'sniffers' may be able to see it..
>>> >
>>> > "Wanghin" <whtoh_at_deloitte.com.sg> wrote:
>>> >
>>> > >Hi,
>>> > >I was wondering how will installation of SQL*Net on the client affect
the
>>> > >security of the access to the oracle database?
>>> > >
>>> > >Heard from someone that sql*net does not authenicate users when they
try
to
>>> > >connect from client side.
>>> > >
>>> > >thanks in advance.
>>> > >
>>> >
>>>
>>> Yeah, it does. But the Enterprise Edition comes with the Advanced
Networking
>>> Option, which will allow you to encrypt *everything* (including your
data),
>>> using various well-known protocols.
>>> So there shouldn't be any concern about sqlnet, provided you want to spend
>>> the $$.
>>>
>>> Regards,
>>>
>>> Sybrand Bakker, Oracle DBA
>>>
>>>
>>>
>>
-- Thomas Kyte (tkyte_at_us.oracle.com) Oracle Service Industries Howtos and such: http://asktom.oracle.com/ Oracle Magazine: http://www.oracle.com/oramag Opinions are mine and do not necessarily reflect those of Oracle CorpReceived on Thu May 17 2001 - 18:28:00 CDT
 |
 |