Re: Encryption over Database Link

  • From: Wayne Smith <wts@xxxxxxxxx>
  • To: k3nnyp@xxxxxxxxx, oracle-l@xxxxxxxxxxxxx
  • Date: Fri, 6 Jun 2014 02:25:02 -0400

I think you'll find Oracle has removed encrypted transfers from the
licensed advanced security.  Discussions someplace on oracle-l.

Cheers, Wayne
On Jun 5, 2014 1:00 PM, "Kenny Payton" <k3nnyp@xxxxxxxxx> wrote:

> Even uglier, take a look at ssh tunnels.  Cheap and works, but you’d want a
> good amount of monitoring wrapped around such a solution and the source
> side would need pretty fast CPUs or multiple tunnels.  A VPN solution
> seems to be your best bet.  That would also allow you to control other
> types of traffic.  Advanced Security can be expensive but would get you
> encrypted SQLNet but would need to be licensed on both sides.
>
> ssh -f oracle@10.0.0.28 -L 1569:10.0.0.28:1560 -N -C -c blowfish-cbc
>
> On Jun 5, 2014, at 12:34 PM, Chris Taylor <
> christopherdtaylor1994@xxxxxxxxx> wrote:
>
> I wonder if you could set up a VPN connector on the remote host and use a
> VPN connection from your server into the remote host and route your
> sqlnet connection (via tns) over the VPN tunnel into the remote server?
>
> Chris
>
>
> On Thu, Jun 5, 2014 at 11:29 AM, Deas, Scott <Scott.Deas@xxxxxxx> wrote:
>
>>  Hello,
>>
>>
>>
>> We have a requirement that we create database links to a database at an
>> external site.  The network will be public, meaning we need to ensure all
>> communication across said network is encrypted.
>>
>> We have no control over the destination database, we are passing SQL to
>> the destination database and pulling back results, but need to make sure
>> that all transmissions across the link will be encrypted (not just user
>> authentication).
>>
>>
>>
>> The local databases will be 10.2.0.4 on AIX and 11.2.0.4 on Linux.  The
>> destination database will be 11.2.0.3 on AIX.  All are Enterprise Edition.
>> I’ve read through some of the documentation for Advanced Security, and we
>> do have some licenses available, so if that’s the best solution, we can
>> implement it at the local databases, but destination database will not have
>> Advanced Security installed, so any solutions that require it on both sides
>> would not work.
>>
>>
>>
>> Additionally (and most obviously), we want to avoid any changes to the
>> code utilizing these links, so any suggestions creating views on top of
>> tables using DBMS_CRYPTO to encrypt and then decrypt at the local database
>> won’t work.  We really just need to implement a secure way to transfer
>> packets between the two sites.
>>
>> Thanks,
>> Scott
>
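
The ssh tunnel approach from the quoted reply, with the monitoring it calls for, as an added example that is not part of the thread. The host and ports are the ones in the quoted command; `REMOTE_SVC` and the alias `REMOTE_VIA_TUNNEL` are hypothetical placeholders, and key-based login for `oracle` is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Host and ports are the ones in the
# quoted ssh command; REMOTE_SERVICE and REMOTE_VIA_TUNNEL are placeholders.
TUNNEL_HOST=10.0.0.28
LOCAL_PORT=1569
REMOTE_PORT=1560
REMOTE_SERVICE=REMOTE_SVC   # hypothetical destination service name

# ssh command with the forward bound to loopback (only local processes can
# use it), ExitOnForwardFailure (never run without the forward), BatchMode
# (no prompts under cron) and keepalives. No -c override, so ssh negotiates
# its default ciphers.
tunnel_cmd() {
    printf '%s\n' "ssh -f -N -C -o BatchMode=yes -o ExitOnForwardFailure=yes \
-o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
-L 127.0.0.1:${LOCAL_PORT}:${TUNNEL_HOST}:${REMOTE_PORT} oracle@${TUNNEL_HOST}"
}

# tnsnames.ora alias that sends the database link through the local forward.
tns_entry() {
    cat <<EOF
REMOTE_VIA_TUNNEL =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 127.0.0.1)(PORT = ${LOCAL_PORT}))
    (CONNECT_DATA = (SERVICE_NAME = ${REMOTE_SERVICE})))
EOF
}

# Succeeds only if something accepts TCP connections on 127.0.0.1:<port>.
port_open() {
    bash -c "exec 3<>/dev/tcp/127.0.0.1/$1" 2>/dev/null
}

# One watchdog pass (run it from cron): log and restart a dead tunnel.
watchdog() {
    if port_open "$LOCAL_PORT"; then
        echo "tunnel ok"
    else
        logger -t dblink-tunnel "forward on ${LOCAL_PORT} down" 2>/dev/null
        $(tunnel_cmd) && echo "tunnel restarted" || echo "restart failed"
    fi
}

case "${1:-}" in
    start) $(tunnel_cmd) ;;
    check) watchdog ;;
    tns)   tns_entry ;;
esac
```

The alias belongs in the tnsnames.ora read by the local database server, since that is where a database link's connect string is resolved; reusing the alias name the link already references leaves the code that uses the link untouched.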
