Re: Question re security

  • From: Job Miller <jobmiller@xxxxxxxxx>
  • To: "jeremy.schneider@xxxxxxxxxxxxxx" <jeremy.schneider@xxxxxxxxxxxxxx>, "Freek.DHooge@xxxxxxxxx" <Freek.DHooge@xxxxxxxxx>
  • Date: Fri, 17 Jan 2014 07:53:19 -0800 (PST)

network encryption was put back into the base product in 12c altogether.  no 
RAC needed.


Oracle Advanced Security has been repackaged for greater 
availability. The following strong authentication features are now no 
longer part of Oracle Advanced Security and are provided with the 
default Oracle Database installation.
        * Thin JDBC Client Network support
        * RADIUS authentication
        * Kerberos authentication
        * Secure Sockets Layer (SSL) authentication
        * Multiple authentication support





________________________________
 From: Jeremy Schneider <jeremy.schneider@xxxxxxxxxxxxxx>
To: Freek.DHooge@xxxxxxxxx 
Cc: "jpatterson@xxxxxxxxxx" <jpatterson@xxxxxxxxxx>; "shrekdba@xxxxxxxxx" 
<shrekdba@xxxxxxxxx>; Nuno Souto <dbvision@xxxxxxxxxxxx>; Oracle L 
<oracle-l@xxxxxxxxxxxxx> 
Sent: Friday, January 17, 2014 9:59 AM
Subject: Re: Question re security
 


On a related note, remember that SSL/TLS is now free if you're using RAC 
(either standard or enterprise edition) - which offers higher security.  This 
was done to address a known vulnerability with dynamic listener registration.


https://blogs.oracle.com/security/entry/security_alert_for_cve_2012


--
http://about.me/jeremy_schneider



On Fri, Jan 17, 2014 at 1:10 AM, D'Hooge Freek <Freek.DHooge@xxxxxxxxx> wrote:

 
>Going to be fun, as in 11.2 the listener password got deprecated and got 
>desupported in 12c (according to the documentation).
>

Other related posts: