Enabling password encryption in transit with Oracle JDBC thin client
I have a server with Oracle 11gR2 installed. On a different server, I have a Java web application using the Spring Framework that connects to the database via the Oracle JDBC Thin Driver, ojdbc6.jar.
For security compliance, I'm required to ensure that the database password is encrypted while in transit between the two servers. My understanding is that this would happen automatically if I were using a thick client; however, since I'm using the thin client, this does not happen automatically. My approach then was to set the following fields in SQLNET.ora: SQLNET.ENCRYPTION_SERVER, SQLNET.CRYPTO_CHECKSUM_SERVER, SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER, SQLNET.ENCRYPTION_TYPES_SERVER, SQLNET.CRYPTO_SEED. I also set the equivalent CLIENT fields in the JDBC connection properties. My understanding is that this would encrypt
For security compliance, I'm required to ensure that the database password is encrypted while in transit between the two servers. My understanding is that this would happen automatically if I were using a thick client; however, since I'm using the thin client, this does not happen automatically. My approach then was to set the following fields in SQLNET.ora: SQLNET.ENCRYPTION_SERVER, SQLNET.CRYPTO_CHECKSUM_SERVER, SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER, SQLNET.ENCRYPTION_TYPES_SERVER, SQLNET.CRYPTO_SEED. I also set the equivalent CLIENT fields in the JDBC connection properties. My understanding is that this would encrypt
0