Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: Confused about security on WebServer Apps

Re: Confused about security on WebServer Apps

From: Thomas Kyte <tkyte_at_us.oracle.com>
Date: 1998/01/12
Message-ID: <34ba0cb1.2142640@inet16>#1/1 







On Mon, 12 Jan 1998 11:16:00 +0800, Stephen Mollica <smollica_at_hotmail.com>
wrote:



>I am about to start developing an Oracle WebServer 2.1.1 application and

>would like to know what security measures/encryption measures are built

>into the product, or if there are none, how I can add some security to

>the application.

>

>I have read that WebServer does not allow the use of the Secured Socket

>Layer when using the PL*SQL cartridge.  Is this still the case or has

>Oracle fixed this problem?.  And if they have, how does the SSL relate

>to Web applications?  Also WebServer is supposed to be able to use the

>RSA encryption engine.  If so how does this work, as well?

>




That has never been true for any version of the webserver that has supported
SSL, SSL is supported for any and all cartridges.



SSL 2.0 relates to Webserver applications in the following ways:






So, in a nutshell, SSL2.0 allows you to securely transmit a credit card number
for example (its encrypted) AND it allows you to be certain the webserver you
are transmitting it to is the one you think it is (positive server
identification).  SSL 2.0 is mostly for the peace of mind of the user running
the browser, most of the advantages of SSL 2.0 are theirs.




SSL 3.0 adds positive identification for clients as well.  In SSL 3.0, the
webserver can use the same process to ID the client as the client did in SSL 2.0
to ID the server.



This is how webserver uses the RSA encryption engine -- thats the engine behind
SSL.





>Any explanations on this topic would be greatly appreciated.

>

>Thanks

>Stephen Mollica

>Stephen.Mollica_at_health.wa.gov.au


 


Thomas Kyte


tkyte_at_us.oracle.com


Oracle Government


Bethesda MD
 


http://govt.us.oracle.com/    -- downloadable utilities
 




Opinions are mine and do not necessarily reflect those of Oracle Corporation
 


Anti-Anti Spam Msg: if you want an answer emailed to you, 
you have to make it easy to get email to you.  Any bounced
email will be treated the same way i treat SPAM-- I delete it.
Received on Mon Jan 12 1998 - 00:00:00 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US