Hi Rob,
To be totally safe, you should use PROTOCOL=IPC. I know you said you had a
requirement to use PROTOCOL=TCP. Doing so, with the host's IP address,
will surely mean the data will need to go across your TCP connection.
What I'm not certain about, is whether using localhost (127.0.0.1) instead
of actual host IP will do any real good.
If using PROTOCOL=TCP w/ localhost, I'm not sure how many "shortcuts" the
Linux kernel includes (if any), to attempt to avoid actually touching the
TCP stack.
Obviously, PROTOCOL=IPC is what you really want to use. If you can't, the
next fastest would be PROTOCOL=TCP w/ localhost, but from a compliance
point of view, I don't know enough about Linux kernel internals to confirm
whether or not you're compliant.
-Mark
On Sat, Oct 17, 2020 at 11:05 AM Robert Karch <rkarch@xxxxxxxxxxx> wrote:
I am working with an ODA customer who has a compliance requirement to
encrypt data on the wire. They have some applications running on the ODA
server that they would prefer not to have the overhead of encryption and
decryption. They also want these applications connecting to the Oracle
listener using TCP/IP. The question that they have is if the application is
running on the ODA host, and connecting to a TCP listener port, is the
passed data only available in memory (and therefore still in compliance) or
is there some possibility of leakage into the network?
Kindest Regards,
Rob Karch
Software Architect
Teleran Technologies, Inc.
“Understanding Usage Is Everything”
