Re: Bequeath connections
Date: Fri, 29 Jan 2010 20:10:57 +0100
Message-ID: <4b6332bf$0$6591$9b4e6d93_at_newsspool3.arcor-online.net>
On 29.01.2010 18:17, joel garry wrote:
> On Jan 29, 1:47 am, Shakespeare<what..._at_xs4all.nl> wrote:
>> Op 29-1-2010 3:30, vsevolod afanassiev schreef:> Thanks for this information. It seems that there are 4 lines in this
>>> view for each session.
>>> If session connected through listener then first line has
>>> network_service_banner = 'TCP/IP NT Protocal Adapter'
>>> If session connected through Bequeath then first line has
>>> network_service_banner = 'Oracle Bequeath Network Protocol Adapter'
>>
>>> What's about next 3 lines? They start from 'Oracle Advanced
>>> Security...' - I thought that
>>> Advanced Security is separately licensed option - and we don't even
>>> install it!
>>
>> Then maybe your DBA forgot to deactivate it. If you don't do so, the
>> License Police may require you to pay the license.... even if you NEVER
>> used it.
>>
>> Shakespeare
>
> Hmmm, I see the four entries per connection, but I don't see anything
> about Advanced Security in DBA_FEATURE_USAGE_STATISTICS or V_$OPTION
> (10.2.0.4).
>
> Maybe this is evidence of one of those things that are there for
> Oracle internal usage but not generally seen unless you install it? I
> don't have an Advanced Security to check. Given the high visibility
> of security issues, I would hope the base product would be secure...
>
> jg
> --
> _at_home.com is bogus.
> The perfectability of spam
> http://www.newscientist.com/article/mg20527446.000-to-beat-spam-turn-its-own-weapons-against-it.html?haasFormId=46aa9eea-8158-4b87-8d70-3994c2a1bd64&haasPage=0
Afaik, in the base product secured is only password transfer, nothing
more, if you want your data to be transferred secure, you'll need either
use secure channel (ipsec,tunnel over ssh,etc) or enable advanced
security option. To my knowledge, ASO is installed, if you select
enterprise edition, you can only deselect it if you choose custom
install. The fact, that it is not reflected in
dba_feature_usage_statistics is explained in the Note 843077.1
<quote>
The code changes in 10.2.0.4 has isolated Oracle Advanced Security
options as a set of adapters rather than feature in the database , due
to which ASO should not be seen in DBA_FEATURE_USAGE_STATISTICS itself .
</quote>
However, due to bug 5475037 it still may be shown there.
Whether the ASO is installed, can be verified with the shell script adapters, which yield output similar to
oracle$ adapters
Installed Oracle Net transport protocols are:
IPC
BEQ
TCP/IP
SSL
RAW
SDP/IB
Installed Oracle Net naming methods are:
Local Naming (tnsnames.ora)
Oracle Directory Naming
Oracle Host Naming
Error!!! Oracle Names Server Naming is not completely installed!
Installed Oracle Advanced Security options are:
RC4 40-bit encryption
RC4 56-bit encryption
RC4 128-bit encryption
RC4 256-bit encryption
DES40 40-bit encryption
DES 56-bit encryption
3DES 112-bit encryption
3DES 168-bit encryption
AES 128-bit encryption
AES 192-bit encryption
AES 256-bit encryption
MD5 crypto-checksumming
SHA-1 crypto-checksumming
Kerberos v5 authentication
RADIUS authentication
I think, to install ASO is not a violation against license terms, if it is not used, however i'm not sure, how oracle track the usage of it (as opposite to options in dba_feature_usage_statistics).
To deinstall ASO the most straightforward way would be via launch
runInstaller.
There is a Note 1020065.102 which describes, how to remove all external
references to authentication adapters for Oracle 7.3, which basically
consists of regeneration of nautab.o (the script genautab produces the
code) and recompilation all oracle components (rdbms, network, etc),
but, it seems, genautab is no more included since oracle 9i (in Oracle
8i it is still here), and, maybe the process doesn't fully apply to
recent Oracle versions, so the Oracle Installer would be the right choice.
Best regards
Maxim Received on Fri Jan 29 2010 - 13:10:57 CST