We use the network encryption feature of the Advanced Security option. From what we found, if you set the listener to required encryption, a 9i client without the correct sqlnet.ora values will fail to connect but a 10g client will still connect by negotiating an encrypted connection (if the sqlnet.ora is not correct). While it is best if everyone is just configured correctly, this is a case that causes me to push all of the development groups be on client versions 10g+ -- //www.freelists.org/webpage/oracle-l