Re: Securing isqlplus

From: Chuck <chuckh_at_softhome.net>
Date: 16 May 2003 19:39:07 GMT
Message-ID: <Xns937D9F36BC0FCchuckhsofthomenet@130.133.1.4>

Daniel Morgan <damorgan_at_exxesolutions.com> wrote in news:3EC50C81.30395890_at_exxesolutions.com:

> Chuck wrote:
>

>> I'm looking to encrypt network traffic to/from my isqlplus web
>> server. I don't want to go through the hassle of getting a
>> certificate from a CA. I just want to encrypt the session similar to
>> ssh mainly so that passwords are not transmitted in plain text.
>>
>> Can anyone tell me how do to this or point me to the documentation
>> for it? 
>>
>> Thanks.

>
> What makes you think iSQL*Plus sends unencrypted passwords anywhere?
> --
> Daniel Morgan
> http://www.outreach.washington.edu/extinfo/certprog/oad/oad_crs.asp
> damorgan_at_x.washington.edu
> (replace 'x' with a 'u' to reply)
>
>

From the isqlplus help file at :

http://download-west.oracle.com/docs/cd/B10501_ 01/server.920/a90842/ch10.htm#1006169

"In iSQL*Plus, security for the connection between the web browser and the Oracle HTTP Server is provided by standard HTTPS, which is fully supported by Oracle. It enables secure listener connections with an Oracle-provided encryption mechanism via the Secure Sockets Layer (SSL). It can be implemented when installing the Oracle HTTP Server by installing the mod_ssl module. For detailed information about implementing HTTPS security in Oracle, see the Oracle Advanced Security Administrator's Guide."

If I'm reading this right, you need to configure https to get any encryption between the browser and the http server. Received on Fri May 16 2003 - 14:39:07 CDT