Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Oracle 11i login encryption?
On 20 Feb 2006 13:43:22 -0800, fwrogue_at_gmail.com wrote:
>Hi,
>
>I am trying to understand the risk of implementing Oracle Federal
>Financials 11i and not implementing SSL encryption.
>
>If you do not configure SSL, when you login to the application are you
>username and password sent in clear text from your browser to the
>application server? And after login, if you do not use SSL, is
>information sent in clear text to the app server across your internal
>network?
>
>Any help from any guru's out there is greatly appreciated.
>
>I've been trying to research on metalink, but can only find
>documentation on how to setup SSL but can't find anything on how Oracle
>11i authenticates out of the box.
>
>Thanks in advance for any help you can give!
>
>-Ryan
Traffic between the app server and the database is sqlnet traffic, the app server acting as a client to the database. sqlnet traffic is by default not encrypted, and every resultset is being sent as clear text.
-- Sybrand Bakker, Senior Oracle DBAReceived on Mon Feb 20 2006 - 17:15:30 CST