We are using ORDS using the standalone server migrated from mod_plsql.
We're on version 19.4 but will be upgrading to the latest version. We are moving to cloud and need to ensure that all network traffic is encrypted. I've been reading a lot of Oracle Notes and documentation and thought at first that the default was a jdbc connection that would be encrypted by defualt, but now I am not so sure. I read too much. I can't find any documentation or evidence in our configuration tha jdbc is being used. We are using basic authentication in our defaults.xml
<properties>
<comment>Saved on Fri Aug 21 15:05:15 ADT 2020</comment>
<entry key="db.hostname">xxxx.xxxx.xx</entry>
<entry key="db.port">1521</entry>
<entry key="db.servicename">XXXXX.XXXX.XX</entry>
<entry key="restEnabledSql.active">true</entry>
</properties>
Is this using a jdbc connection and minimal change would be to set a parameter in the database servers sqlnet.ora? I'm concerned that changing the DB server settings will affect other applications connections.
sqlnet.encryption_server=required
sqlnet.encryption_types_server=(RC4_40)
Do I need to use the tomcat server instead of standalone jetty on the ORDS server?
Do I need to install a jdbc client on the ORDs server (for standalone jetty server or tomcat)?
I am looking for minimal viable product, but will do what needs to be done to secure the traffic of course.
TIA!