If you are using local connection 127.0.0.1 then the data never crosses onto
the wire meaning exiting the server and coming back in.
It only hits the IP stack and is returned to internal processes.
If you use the local server name it again will hit the tcp-ip stack and not
leave the host.
From: oracle-l-bounce@xxxxxxxxxxxxx <oracle-l-bounce@xxxxxxxxxxxxx> On Behalf
Of Mark J. Bobak
Sent: Saturday, October 17, 2020 12:13 PM
To: Robert Karch <rkarch@xxxxxxxxxxx>
Subject: Re: Compliance and SSL/TLS Encryption on ODA
To be totally safe, you should use PROTOCOL=IPC. I know you said you had a
requirement to use PROTOCOL=TCP. Doing so, with the host's IP address, will
surely mean the data will need to go across your TCP connection. What I'm not
certain about, is whether using localhost (127.0.0.1) instead of actual host IP
will do any real good.
If using PROTOCOL=TCP w/ localhost, I'm not sure how many "shortcuts" the Linux
kernel includes (if any), to attempt to avoid actually touching the TCP stack.
Obviously, PROTOCOL=IPC is what you really want to use. If you can't, the next
fastest would be PROTOCOL=TCP w/ localhost, but from a compliance point of
view, I don't know enough about Linux kernel internals to confirm whether or
not you're compliant.
On Sat, Oct 17, 2020 at 11:05 AM Robert Karch <rkarch@xxxxxxxxxxx
<mailto:rkarch@xxxxxxxxxxx> > wrote:
I am working with an ODA customer who has a compliance requirement to encrypt
data on the wire. They have some applications running on the ODA server that
they would prefer not to have the overhead of encryption and decryption. They
also want these applications connecting to the Oracle listener using TCP/IP.
The question that they have is if the application is running on the ODA host,
and connecting to a TCP listener port, is the passed data only available in
memory (and therefore still in compliance) or is there some possibility of
leakage into the network?
Teleran Technologies, Inc.
“Understanding Usage Is Everything”