Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: OAS Question

Re: OAS Question

From: Maxim Demenko <mdemenko_at_arcor.de>
Date: Tue, 15 Nov 2005 18:46:25 +0100
Message-ID: <437a1f3a$0$21947$9b4e6d93@newsread2.arcor-online.net>


art_at_chicagorsvp.com schrieb:
> Hi All,
>
> I have a quick question on Oracle Advanced Security.
>
> We have OAS installed here. We need to encrypt some data during
> transmission. If OAS is enabled, does that mean that the data is also
> encrypted during transmission? Or does it just mean that the
> connection between the client & server or client & client is a
> 'secured' connection?

I am not sure, what do you understand under 'secured' connection. In my opinion, this is a term which means, given network connection ensures data privacy and data integrity. The data privacy will be achieved by means of encryption of transmitted data with a cipher algorithm which is commonly known as secure ( 3DES, AES etc). Commonly known methods such as SSL,TLS,IPsec all encrypt data during the transmission.

OAS has a subset of features which is related to the securing of network   transmission ( indeed it is much more than only securing network, but apparently , you are interesting only for this aspect ). Basically it is done on the similar way , the transmitted data is encrypted ( details , such as available cipher suites, may vary, IIRC the strongest cipher in SSL is 3DES and in Oracle Advanced Security - AES). It should be also configured accordingly on the server and client side to work properly ( also it is unlcear, what you do mean under "is enabled" ), then the data transmitted is encrypted.

>
> I was also looking at DBMS_OBFUSCATION_TOOLKIT to encrypt the data. If
> OAS is installed and enabled, is the data encrypted during
> transmission, kind of like that I would see if I encrypted data using
> the above package?

Yes, but as you never know the encryption key used by a session, so you will never see exactly the same data sent over network, as you would see by encryption with DBMS_OBFUSCATION_TOOLKIT

>
> Thanks in advance for the tips and explanation.
>

In general , i'd recommend you some reading in the original documentation on this topic
http://download-uk.oracle.com/docs/cd/B19306_01/network.102/b14268/asointro.htm#sthref37

For Oracle Security related questions you might be interesting to visit site of Pete Finnegan
http://www.petefinnigan.com/

He has also a web forum , where you can ask your questions (after registration) as well

Best regards

Maxim Received on Tue Nov 15 2005 - 11:46:25 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US