Hello EPA,
You can set TNS_ADMIN variable for specific database and point it to
location different from default $OH/network/admin. In this location you can
have sqlnet.ora separate from sqlnet.ora used by the rest of databases in
this Oracle home, thus not impacting other databases. And if you are on
RAC, then TNS_ADMIN can be set with srvctl per database.
Using SSL/TLS for network encryption has a drawback of expiring
certificates. Native Network Encryption does not have this inconvenience.
However, SSL/TLS is considered stronger because in addition to network
encryption it also protects against man-in-the-middle attack.
Best regards,
Albert
On Sat, Dec 10, 2022 at 9:36 AM EPA <epanosian@xxxxxxxxx> wrote:
Hello,
thank you. I was aware of the SQLNET.ora file, but in my case, there are
other databases using the same Oracle home. If I set ENCRYPTION_SERVER=
REQUIRED, it will impact other clients and if I set up ENCRYPTION_SERVER=
ACCEPTED or REQUESTED, then the target application (client) may/not use
encryption.
Any comments?
EPA
On Fri, Dec 9, 2022 at 9:05 AM Marián Bednár <marian.bednar@xxxxxxxxx>
wrote:
Hi,
Here is the basic description of two encrypting concepts.
Native encryption is easy to configure (transparent for clients) but for
some security officers it hasn't to be perfect.
https://questoraclecommunity.org/learn/blogs/oracle-database-network-encryption-native-vs-tls-ssl/
Oracle docs:
https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/configuring-network-data-encryption-and-integrity.html
https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/configuring-secure-sockets-layer-authentication.html
Marian
pi 9. 12. 2022 o 14:45 EPA <epanosian@xxxxxxxxx> napísal(a):
Hello,
What are the requirements to set up encrypted protocols between
applications / Oracle (19c) databases. How to enforce the use of encrypted
protocols (i.e. SSL) to prevent eavesdropping or unauthorized modification
of data in-transit. Disable clear-text services where possible? Sqlnet.ora?
Anybody has done this? What are the cons/pros? What are the steps? What are
shoulds and shouldn'ts?
Thank you,
EPA