Home » RDBMS Server » Security » Oracle Advanced Security (Oracle 10g,Linux 2.6)
Oracle Advanced Security [message #484876] Fri, 03 December 2010 08:53 Go to next message
preet_kumar
Messages: 204
Registered: March 2007
Senior Member
Is Oracle Advanced Security installed default while installing Oracle Enterprise edition or we need to install it additionally.
Is it possible to use only SSL and wallet to secure the network between the apps and database with the default installation of Oracle Enterprise Edition?
Re: Oracle Advanced Security [message #484889 is a reply to message #484876] Fri, 03 December 2010 09:37 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Quote:
Is Oracle Advanced Security installed default while installing Oracle Enterprise edition or we need to install it additionally.

No, you have to install it and you have to pay before install it.

Quote:
Is it possible to use only SSL and wallet to secure the network between the apps and database with the default installation of Oracle Enterprise Edition?

These are 2 different things.
SSL, no, not in a supported way.
Wallet regroups a number of features, which are you talking about? Oracle Secure Password Store?

Regards
Michel
Re: Oracle Advanced Security [message #484892 is a reply to message #484889] Fri, 03 December 2010 10:01 Go to previous messageGo to next message
preet_kumar
Messages: 204
Registered: March 2007
Senior Member
Thank you Michel for your response.
Oracle Advanced Security consists of many features but we only looking for SSL and it would be a waste to purchase this option.

The scenario is of corporate LAN,the Database Server and the Client PC's(running SQL Workbench) are on the same subnet so we cannot create any VPN network and creating a ssh tunnel for every user is not feasible.The Database listener listens on TCP port 1521 so when a users run a query and it passes through the network unencrypted.
I came across documentation which states that to use TCPS on port 2484 one need to use wallet(store certificate) and Oracle Advanced Security option should be installed.

[Updated on: Fri, 03 December 2010 10:04]

Report message to a moderator

Re: Oracle Advanced Security [message #484894 is a reply to message #484892] Fri, 03 December 2010 10:04 Go to previous messageGo to next message
BlackSwan
Messages: 26766
Registered: January 2009
Location: SoCal
Senior Member
>we only looking for SSL and it would be a waste to purchase this option.

user<=>browser<=>WebServer<=>ApplicationServer<=>DatabaseServer
Above is typical 3 tier environment & SSL only exists between browser & WebServer.
SSL rarely, if ever, gets close to the DB!

[Updated on: Fri, 03 December 2010 10:05]

Report message to a moderator

Re: Oracle Advanced Security [message #484895 is a reply to message #484892] Fri, 03 December 2010 10:09 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Quote:
I came across documentation which states that to use TCPS on port 2484 one need to use wallet(store certificate) and Oracle Advanced Security option should be installed.

Always post a link to the documentation you refer so we are able to also read it.

Regards
Michel
Re: Oracle Advanced Security [message #484896 is a reply to message #484894] Fri, 03 December 2010 10:09 Go to previous messageGo to next message
preet_kumar
Messages: 204
Registered: March 2007
Senior Member
Developer<=>---Network---<=>Database
Why the Oracle Documentation says Listener TCPS 2484 and TCP 1521 ?
Re: Oracle Advanced Security [message #484897 is a reply to message #484896] Fri, 03 December 2010 10:11 Go to previous messageGo to next message
preet_kumar
Messages: 204
Registered: March 2007
Senior Member
Below is the link (TCP/IP with SSL Protocol Support)
http://download.oracle.com/docs/html/B10812_06/chapter5.htm
Re: Oracle Advanced Security [message #484899 is a reply to message #484892] Fri, 03 December 2010 10:26 Go to previous messageGo to next message
BlackSwan
Messages: 26766
Registered: January 2009
Location: SoCal
Senior Member
>The scenario is of corporate LAN,the Database Server and the Client PC's(running SQL Workbench)

http://www.sql-workbench.net/
"SQL Workbench/J is a free, DBMS-independent, cross-platform SQL query tool. It is written in Java"

SQL Workbench does not speak HTTPS so question makes NO sense!
Re: Oracle Advanced Security [message #484900 is a reply to message #484897] Fri, 03 December 2010 10:35 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
preet_kumar wrote on Fri, 03 December 2010 17:11
Below is the link (TCP/IP with SSL Protocol Support)
http://download.oracle.com/docs/html/B10812_06/chapter5.htm

As soon as you say SSL, you implies ASO, so license.

By the way, it is faster, easier and better (imo) to use Oracle network native encryption and not SSL with wallet management. You can configure it in less than 10 minutes.

Regards
Michel

Re: Oracle Advanced Security [message #484901 is a reply to message #484900] Fri, 03 December 2010 10:58 Go to previous messageGo to next message
preet_kumar
Messages: 204
Registered: March 2007
Senior Member
Thanks Michel.
Could you please refer me some any Documentation to use network native encryption with wallet management without using Oracle Advanced Security.
That would be great to get it working in 10min as you have mentioned.
Re: Oracle Advanced Security [message #484902 is a reply to message #484901] Fri, 03 December 2010 11:17 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
I will do more than that, I wrote a small article in the wiki, see Network Encryption. You will see how easy it is to configure it (I even think it is preinstalled with Entreprise Edition, so you can make a test -- but can't use it in production without ASO).

Note: You MUST purchase ASO/OAS option to use it.

Regards
Michel

[Updated on: Fri, 03 December 2010 11:27]

Report message to a moderator

Re: Oracle Advanced Security [message #485114 is a reply to message #484902] Mon, 06 December 2010 05:08 Go to previous messageGo to next message
preet_kumar
Messages: 204
Registered: March 2007
Senior Member
Thanks once again Michel for the great article.
This only made us to think if we should Migrate from Oracle to other Database as for every small feature one cannot purchase the entire package.
MS SQL supports network encryption without any additional cost then why Oracle is special in this competitive market?
http://msdn.microsoft.com/en-us/library/ms189067.aspx
Re: Oracle Advanced Security [message #485189 is a reply to message #485114] Mon, 06 December 2010 12:16 Go to previous message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
And Oracle supports some stuff that SQL Server does not or with an additional costs...
Each editor chooses its options from its history and customers.

Regards
Michel

[Updated on: Mon, 06 December 2010 12:16]

Report message to a moderator

Previous Topic: Is it possible to create a new directory on linux fs from oracle
Next Topic: Restricting User access
Goto Forum:
  


Current Time: Fri Mar 29 06:50:18 CDT 2024