Re: verifying network encryption on 11gR2?

  • From: Adric Norris <landstander668@xxxxxxxxx>
  • To: oracle-l <oracle-l@xxxxxxxxxxxxx>
  • Date: Wed, 22 Jan 2014 14:57:58 -0600

This will certainly work when only a few clients are involved, and we've
certainly made use of it in that scenario. Unfortunately it doesn't scale
well when numerous clients and applications are involved and scattered
across various organizations and locations.  We're hoping to validate all
remote sessions, which is why we're hoping for a query which can be run
against the database itself.


On Tue, Jan 21, 2014 at 1:29 PM, Brent Day <coloradodba@xxxxxxxxx> wrote:

> I would recommend enabling sqlnet tracing set to level 16.
>
> Check out DOC ID 76629.1 on metalink.
>
> Brent
>
>
> On Tue, Jan 21, 2014 at 7:30 AM, Adric Norris <landstander668@xxxxxxxxx> wrote:
>
>> Running any sort of network sniffer will unfortunately be very difficult,
>> likely impossible, to get approved.  That's why I'm hoping to find a method
>> which can be easily (and more importantly, reliably) checked from within
>> the database.
>>
>> I do appreciate the suggestion, however, and will certainly keep it in
>> mind.  Thanx!
>>
>>
>> On Fri, Jan 17, 2014 at 11:09 PM, Jeff C <backseatdba@xxxxxxxxx> wrote:
>>
>>> Try using Wireshark. You can pretty easily see the difference when
>>> network encryption is on versus off.  You will see plain text and then a
>>> bunch of scrambled data.
>>>
>>>
>>> On Fri, Jan 17, 2014 at 6:41 PM, Adric Norris <landstander668@xxxxxxxxx> wrote:
>>>
>>>> Is there a good way to check, from within the database, whether or not
>>>> database sessions are utilizing network encryption? I know you can look at
>>>> the *network_service_banner* column of *v$session_connect_info*, but
>>>> the text format makes it difficult to parse effectively... not to mention
>>>> that I'm not certain that it's always populated (thinking of JDBC thin
>>>> clients here).  The databases in question are all 11.2.0.3/11.2.0.4,
>>>> running under a combination of Linux X86-64 and Solaris SPARC 64-bit.
>>>>
>>>> We're thinking of enabling opportunistic network encryption in the near
>>>> future, with the goal of it eventually becoming mandatory. I'd therefore
>>>> like to be able to identify plaintext sessions from within the database, so
>>>> that we have an idea of which applications / groups will need to make
>>>> configuration changes.
>>>>
>>>> Thanx!
>>>>
>>>> --
>>>>
>>>> Awk! Pieces of eight. Pieces of eight. Pieces of seven... ERROR: kernel
>>>> panic [parroty error]
>>>>
>>>>
>>>
>>
>>
>> --
>> "I'm too sexy for my code." -Awk Sed Fred
>>
>
>


-- 
"I'm too sexy for my code." -Awk Sed Fred
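
One way to classify sessions from inside the database using the *network_service_banner* column of *v$session_connect_info* discussed in this thread (an added example, not a query posted by anyone in the thread). It assumes that a session using native network encryption has a banner row containing "encryption service adapter", and it reports sessions with no banner rows separately rather than counting them as plaintext.

```sql
-- Added example: classify current user sessions by native network encryption.
-- Assumption: an active encryption algorithm shows up as a banner row such as
--   "... AES256 encryption service adapter for <platform>: Version ..."
-- whereas "Encryption service for <platform>" alone only means the service
-- is available, not that it was negotiated for the session.
-- Sessions with no banner rows at all (the JDBC thin concern raised above)
-- are reported as UNKNOWN so they can be checked by other means.
SELECT s.sid,
       s.serial#,
       s.username,
       s.osuser,
       s.machine,
       s.program,
       CASE
         WHEN COUNT(i.network_service_banner) = 0
           THEN 'UNKNOWN'
         WHEN MAX(CASE
                    WHEN LOWER(i.network_service_banner)
                         LIKE '%encryption service adapter%'
                    THEN 1 ELSE 0
                  END) = 1
           THEN 'ENCRYPTED'
         ELSE 'PLAINTEXT'
       END AS net_encryption,
       -- The matching banner row, which names the negotiated algorithm.
       MAX(CASE
             WHEN LOWER(i.network_service_banner)
                  LIKE '%encryption service adapter%'
             THEN i.network_service_banner
           END) AS encryption_banner
FROM   v$session s
       LEFT JOIN v$session_connect_info i
              ON i.sid = s.sid
WHERE  s.type = 'USER'
GROUP  BY s.sid, s.serial#, s.username, s.osuser, s.machine, s.program
ORDER  BY net_encryption, s.username, s.machine;
```

The view only covers sessions connected at the time the query runs, so it would need to be sampled periodically (or captured in a logon trigger) to build a list of applications that still connect in plaintext.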
