Re: Bequeath connections
From: Shakespeare <whatsin_at_xs4all.nl>
Date: Fri, 29 Jan 2010 20:17:50 +0100
Message-ID: <4b63344c$0$22944$e4fe514c_at_news.xs4all.nl>
Op 29-1-2010 20:10, Maxim Demenko schreef:
> On 29.01.2010 18:17, joel garry wrote:
> Afaik, in the base product secured is only password transfer, nothing
> more, if you want your data to be transferred secure, you'll need either
> use secure channel (ipsec,tunnel over ssh,etc) or enable advanced
> security option. To my knowledge, ASO is installed, if you select
> enterprise edition, you can only deselect it if you choose custom
> install. The fact, that it is not reflected in
> dba_feature_usage_statistics is explained in the Note 843077.1
> <quote>
> The code changes in 10.2.0.4 has isolated Oracle Advanced Security
> options as a set of adapters rather than feature in the database , due
> to which ASO should not be seen in DBA_FEATURE_USAGE_STATISTICS itself .
> </quote>
> However, due to bug 5475037 it still may be shown there.
> Whether the ASO is installed, can be verified with the shell script
> adapters, which yield output similar to
> oracle$ adapters
> Installed Oracle Net transport protocols are:
> IPC
> BEQ
> TCP/IP
> SSL
> RAW
> SDP/IB
> Installed Oracle Net naming methods are:
> Local Naming (tnsnames.ora)
> Oracle Directory Naming
> Oracle Host Naming
> Error!!! Oracle Names Server Naming is not completely installed!
> Installed Oracle Advanced Security options are:
> RC4 40-bit encryption
> RC4 56-bit encryption
> RC4 128-bit encryption
> RC4 256-bit encryption
> DES40 40-bit encryption
> DES 56-bit encryption
> 3DES 112-bit encryption
> 3DES 168-bit encryption
> AES 128-bit encryption
> AES 192-bit encryption
> AES 256-bit encryption
> MD5 crypto-checksumming
> SHA-1 crypto-checksumming
> Kerberos v5 authentication
> RADIUS authentication
> I think, to install ASO is not a violation against license terms, if it
> is not used, however i'm not sure, how oracle track the usage of it (as
> opposite to options in dba_feature_usage_statistics).
> To deinstall ASO the most straightforward way would be via launch
> runInstaller.
> There is a Note 1020065.102 which describes, how to remove all external
> references to authentication adapters for Oracle 7.3, which basically
> consists of regeneration of nautab.o (the script genautab produces the
> code) and recompilation all oracle components (rdbms, network, etc),
> but, it seems, genautab is no more included since oracle 9i (in Oracle
> 8i it is still here), and, maybe the process doesn't fully apply to
> recent Oracle versions, so the Oracle Installer would be the right choice.
> Best regards
>
> Maxim
Date: Fri, 29 Jan 2010 20:17:50 +0100
Message-ID: <4b63344c$0$22944$e4fe514c_at_news.xs4all.nl>
Op 29-1-2010 20:10, Maxim Demenko schreef:
> On 29.01.2010 18:17, joel garry wrote:
>> On Jan 29, 1:47 am, Shakespeare<what..._at_xs4all.nl> wrote: >>> Op 29-1-2010 3:30, vsevolod afanassiev schreef:> Thanks for this >>> information. It seems that there are 4 lines in this >>>> view for each session. >>>> If session connected through listener then first line has >>>> network_service_banner = 'TCP/IP NT Protocal Adapter' >>>> If session connected through Bequeath then first line has >>>> network_service_banner = 'Oracle Bequeath Network Protocol Adapter' >>> >>>> What's about next 3 lines? They start from 'Oracle Advanced >>>> Security...' - I thought that >>>> Advanced Security is separately licensed option - and we don't even >>>> install it! >>> >>> Then maybe your DBA forgot to deactivate it. If you don't do so, the >>> License Police may require you to pay the license.... even if you NEVER >>> used it. >>> >>> Shakespeare >> >> Hmmm, I see the four entries per connection, but I don't see anything >> about Advanced Security in DBA_FEATURE_USAGE_STATISTICS or V_$OPTION >> (10.2.0.4). >> >> Maybe this is evidence of one of those things that are there for >> Oracle internal usage but not generally seen unless you install it? I >> don't have an Advanced Security to check. Given the high visibility >> of security issues, I would hope the base product would be secure... >> >> jg >> -- >> _at_home.com is bogus. >> The perfectability of spam >> http://www.newscientist.com/article/mg20527446.000-to-beat-spam-turn-its-own-weapons-against-it.html?haasFormId=46aa9eea-8158-4b87-8d70-3994c2a1bd64&haasPage=0 >> >
> Afaik, in the base product secured is only password transfer, nothing
> more, if you want your data to be transferred secure, you'll need either
> use secure channel (ipsec,tunnel over ssh,etc) or enable advanced
> security option. To my knowledge, ASO is installed, if you select
> enterprise edition, you can only deselect it if you choose custom
> install. The fact, that it is not reflected in
> dba_feature_usage_statistics is explained in the Note 843077.1
> <quote>
> The code changes in 10.2.0.4 has isolated Oracle Advanced Security
> options as a set of adapters rather than feature in the database , due
> to which ASO should not be seen in DBA_FEATURE_USAGE_STATISTICS itself .
> </quote>
> However, due to bug 5475037 it still may be shown there.
>
> Whether the ASO is installed, can be verified with the shell script
> adapters, which yield output similar to
>
> oracle$ adapters
>
> Installed Oracle Net transport protocols are:
>
> IPC
> BEQ
> TCP/IP
> SSL
> RAW
> SDP/IB
>
> Installed Oracle Net naming methods are:
>
> Local Naming (tnsnames.ora)
> Oracle Directory Naming
> Oracle Host Naming
> Error!!! Oracle Names Server Naming is not completely installed!
>
> Installed Oracle Advanced Security options are:
>
> RC4 40-bit encryption
> RC4 56-bit encryption
> RC4 128-bit encryption
> RC4 256-bit encryption
> DES40 40-bit encryption
> DES 56-bit encryption
> 3DES 112-bit encryption
> 3DES 168-bit encryption
> AES 128-bit encryption
> AES 192-bit encryption
> AES 256-bit encryption
> MD5 crypto-checksumming
> SHA-1 crypto-checksumming
> Kerberos v5 authentication
> RADIUS authentication
> >
> I think, to install ASO is not a violation against license terms, if it
> is not used, however i'm not sure, how oracle track the usage of it (as
> opposite to options in dba_feature_usage_statistics).
>
> To deinstall ASO the most straightforward way would be via launch
> runInstaller.
> There is a Note 1020065.102 which describes, how to remove all external
> references to authentication adapters for Oracle 7.3, which basically
> consists of regeneration of nautab.o (the script genautab produces the
> code) and recompilation all oracle components (rdbms, network, etc),
> but, it seems, genautab is no more included since oracle 9i (in Oracle
> 8i it is still here), and, maybe the process doesn't fully apply to
> recent Oracle versions, so the Oracle Installer would be the right choice.
>
> Best regards
>
> Maxim
To my experience, Oracle LMS (License Management Services) checks if the option is unchecked in Enterprise Manager. I am not sure though, if this option still shows up there, have no installation available at the moment. For other options/packs: a check means installed means used means have to pay (according to Oracle).
Shakespeare Received on Fri Jan 29 2010 - 13:17:50 CST