3 Replies Latest reply: Apr 24, 2012 4:54 PM by JustinCave RSS

    easiest security for oracle client-server packets

    user426
      I noticed that by using Wireshark, I am able to see quite a bit of text (data communication) between Oracle client and server. What is the easiest way to encrypt packet traffic between client and server? Ideally, the encryption method would just involve using a startup parameter on the command line that starts Oracle and not involve any changes to Oracle clients. Thank you.
        • 1. Re: easiest security for oracle client-server packets
          JustinCave
          If you are using Oracle Advanced Security (an extra-cost option on top of the enterprise edition license), you can specify on the client and on the server file whether each side accepts, requires, or rejects encryption and which encryption algorithms each side supports. When a client connects, a negotiation will take place and the connection will be encrypted appropriately (i.e. if the client supports encryption and the server requires encryption then the connection will be encrypted).

          Justin
          • 2. Re: easiest security for oracle client-server packets
            user426
            Thanks for the reply Justin, but I was looking for an easy solution that did not include an extra purchase and client-side work.
            • 3. Re: easiest security for oracle client-server packets
              JustinCave
              That's the Oracle-supported method to encrypt the data sent over the network.

              You could, obviously, configure something like a VPN or secure port forwarding on each client machine and require that the clients connect to the VPN in order to access the database. That's probably cheaper but generally more work to deal with and harder to audit/ monitor since you can't just tell the database to require an encrypted connection.

              Justin