0x0130: 696e 7465 7874 2720 6672 6f6d 2064 7561 intext'.from.dua
0x0140: 6c01 0000 0000 0000 0000 0000 0000 0000 l...............
0x0150: 0000 0000 0000 0000 0000 0000 0001 0000 ................
0x0160: 0000 0000 0000 8000 0000 0000 0000 0000 ................
0x0170: 0000 0000 00 .....
All that is required in order to encrypt the session is to add the following four lines to your sqlnet.ora file on
both client and server:
sqlnet.encryption_server=accepted
sqlnet.encryption_client=requested
sqlnet.encryption_types_server=(RC4_40)
sqlnet.encryption_types_client=(RC4_40)
This is how I found the sqlnet.ora:
[oracle@orlin ~]$ locate sqlnet.ora
/home/oracle/app/oracle/product/12.1.0/dbhome_1/network/admin/samples/sqlnet.ora
/home/oracle/app/oracle2/product/12.1.0/dbhome_1/network/admin/samples/sqlnet.ora
/home/oracle/app/oracle2/product/12.1.0/dbhome_2/network/admin/sqlnet.ora
First, make a backup in case of a mistake:
[oracle@orlin ~]$ cp /home/oracle/app/oracle2/product/12.1.0/dbhome_2/network/admin/sqlnet.ora /home/oracle/app/oracle2/product/12.1.0/dbhome_2/network/admin/sqlnet.ora_backup
Then edit sqlnet.ora. You can invoke the vi editor as follows:
[oracle@orlin ~]$ vi /home/oracle/app/oracle2/product/12.1.0/dbhome_2/network/admin/sqlnet.ora
Then insert the following lines, save the file, and exit:
sqlnet.encryption_server=accepted
sqlnet.encryption_client=requested
sqlnet.encryption_types_server=(RC4_40)
sqlnet.encryption_types_client=(RC4_40)
Note that there is a sqlnet.ora to be edited at both client and server. As that file controls network
communications between client and server and exists at both ends, both ends need to be changed.
In my case the client is also a server, so I have included all four lines in both sqlnet.ora files on my one machine.
This keeps things simple, and in the Oracle world that is a good thing.
I have deliberately not made the above edits using the GUI Net Manager, as that requires an X server and Java, and
hides the commands from the user. Better to learn the sqlnet.ora parameters and get used to using vi over SSH
(PuTTY) without X, as that is how administration is typically done in secure environments.
There is no need to restart the instance; just restart the SQL*Plus session and it will pick up the new sqlnet.ora
settings at both client and server. Repeating the same SQL statements now results in encrypted ciphertext over
the wire. The above test takes literally a few minutes and works reliably. The big question of course is: What is the
performance hit?
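The following is an added example, not code from the book: it reads the client and server sqlnet.ora text and reports what the two ends would negotiate, following Oracle's documented rules for these parameters, which shows why the edit is needed at both ends. It assumes one parameter per line and explicit algorithm lists, as in the four lines above; the function names and the 56-bit short-key cutoff are choices made for this example.

```python
LEVELS = {"REJECTED", "ACCEPTED", "REQUESTED", "REQUIRED"}
SHORT_KEY = {"RC4_40", "DES40", "RC4_56", "DES"}  # keys of 56 bits or fewer (cutoff chosen for this example)

# The four lines from the text, shared by client and server on the author's one machine.
PAGE_SQLNET = """\
sqlnet.encryption_server=accepted
sqlnet.encryption_client=requested
sqlnet.encryption_types_server=(RC4_40)
sqlnet.encryption_types_client=(RC4_40)
"""

def parse_sqlnet(text):
    """Map lower-cased parameter name -> value; '#' starts a comment."""
    params = {}
    for line in text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        if sep:
            params[key.strip().lower()] = value.strip()
    return params

def algorithms(value):
    """'(AES256, RC4_40)' -> ['AES256', 'RC4_40']"""
    return [a.strip().upper() for a in value.strip("() ").split(",") if a.strip()]

def negotiate(client_text, server_text):
    """Return (outcome, algorithm): outcome is 'encrypted', 'cleartext' or 'fail'."""
    c, s = parse_sqlnet(client_text), parse_sqlnet(server_text)
    # A side that does not set its level behaves as ACCEPTED.
    levels = {c.get("sqlnet.encryption_client", "accepted").upper(),
              s.get("sqlnet.encryption_server", "accepted").upper()}
    if not levels <= LEVELS:
        raise ValueError(f"unknown encryption level in {levels}")
    required = "REQUIRED" in levels
    if "REJECTED" in levels:
        return ("fail" if required else "cleartext", None)
    if levels == {"ACCEPTED"}:  # neither side asked for encryption
        return ("cleartext", None)
    c_algs = algorithms(c.get("sqlnet.encryption_types_client", ""))
    s_algs = algorithms(s.get("sqlnet.encryption_types_server", ""))
    if not c_algs or not s_algs:
        raise ValueError("no explicit algorithm list; Oracle would offer every installed algorithm")
    # The server takes the first algorithm in its own list that the client also lists.
    common = next((a for a in s_algs if a in c_algs), None)
    if common is None:
        return ("fail" if required else "cleartext", None)
    return ("encrypted", common)

def review(client_text, server_text):
    """Negotiation outcome plus a flag for a short-key cipher."""
    outcome, alg = negotiate(client_text, server_text)
    return {"outcome": outcome, "algorithm": alg, "short_key": alg in SHORT_KEY}
```

Calling `review(PAGE_SQLNET, PAGE_SQLNET)` models both ends edited as in the text, while `review("", PAGE_SQLNET)` models a client whose sqlnet.ora was left unedited.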