Re: Securing isqlplus

From: Chuck <chuckh_at_softhome.net>
Date: 20 May 2003 15:54:39 GMT
Message-ID: <Xns9381792902D7Cchuckhsofthomenet@130.133.1.4>

Alison Holloway <Xalison.holloway_at_oracle.comX> wrote in news:3EC98024.5060405_at_oracle.comX:

> Chuck wrote:

>> 
>> It looks like it does on NT. On unix, it turns out it was just a
>> matter of starting apache with the "startssl" command intead of
>> "start". 
>> 
>> The next question is how secure is it to use the demo certificate if
>> all I want to do is encrypt data? I don't care about authentication
>> at all since I am dialing in to a private network. I just want to be
>> sure that if I am using a wireless device that passwords are
>> encrypted all the way through so they are not compromised between the
>> device and the provider. Anyone who understands SSL please chime in.

>
> The temporary certificate is fine for testing and will encrypt all
> traffic between the browser/wireless device and the server. Be warned
> that it will expire fairly quickly -- can't remember the exact length
> of time it is valid, but the certificate should tell you. You should
> not use the temporary certificate ina production environment. You may
> want to read the Oracle doc on PKI to give you an understanding of
> SSL:
>
> http://download-west.oracle.com/docs/cd/B10501_01/network.920/a96582/pk
> i.htm
>
> Alison
>
>

The certificate doesn't exire until 11/13/2027. There are some instructions I came accross on metalink that describe how to generate your own self signed temporary certificate with openssl. That certificate expires after 30 days. For my purposes I'm just going to use the 2027 one. All I need is encryption and my data should only be exposed between the wireless modem and the provider. With both SSL at the protocol level, and frequency hopping between the phone and provider, I feel pretty safe that neither passwords or data will be compromised. Received on Tue May 20 2003 - 10:54:39 CDT