Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Oracle 11i login encryption?

Re: Oracle 11i login encryption?

From: Sybrand Bakker <postbus_at_sybrandb.demon.nl>
Date: Tue, 21 Feb 2006 00:15:30 +0100
Message-ID: <j8jkv19d8ho86369r3qj6tcp2h9aiovq5d@4ax.com>


On 20 Feb 2006 13:43:22 -0800, fwrogue_at_gmail.com wrote:

>Hi,
>
>I am trying to understand the risk of implementing Oracle Federal
>Financials 11i and not implementing SSL encryption.
>
>If you do not configure SSL, when you login to the application are you
>username and password sent in clear text from your browser to the
>application server? And after login, if you do not use SSL, is
>information sent in clear text to the app server across your internal
>network?
>
>Any help from any guru's out there is greatly appreciated.
>
>I've been trying to research on metalink, but can only find
>documentation on how to setup SSL but can't find anything on how Oracle
>11i authenticates out of the box.
>
>Thanks in advance for any help you can give!
>
>-Ryan

Traffic between the app server and the database is sqlnet traffic, the app server acting as a client to the database. sqlnet traffic is by default not encrypted, and every resultset is being sent as clear text.

--
Sybrand Bakker, Senior Oracle DBA
Received on Mon Feb 20 2006 - 17:15:30 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US