Database Reference
In-Depth Information
Running the Code
We assume you followed the procedure to run the code in the previous chapter. This chapter will use an
identical procedure. In a command prompt, change directories to
Chapter6
. Compile the code with this
command:
javac orajavsec/OracleJavaSecure.java
If you have any problems, refer to Chapter 3 for directions on compiling at the command prompt
and setting your environment
CLASSPATH
to include
ojdbc6.jar
. Then run the code from that same
directory with this command:
java orajavsec.OracleJavaSecure.OracleJavaSecure
Observing the Results
The following two lines will be printed as a result of the commands issued in the preceding section:
Monday
PBEWithSHA1AndDESede
We encrypted the string “Monday” using the DES secret password key when we emulated the server,
and we passed the encrypted data back to the client, along with the secret password key artifacts,
encrypted with the client RSA public key. Back at the client, we built a duplicate DES key using the
artifacts, and decrypted the encrypted data. We printed out the decrypted data and saw “Monday” at the
command prompt. Then we printed the negotiated algorithm. If you are using JDK 1.6 or later on your
workstation, you will see
PBEWithSHA1AndDESede
; however, if you are using JDK 1.5, you will see
PBEWithMD5AndDES
.
Coding to Test Client/Server Secret Password Encryption
The next line is at the top of our Java code in
OracleJavaSecure.java
. Uncomment it and copy the entire
code into your Oracle client.
CREATE OR REPLACE AND RESOLVE JAVA SOURCE NAMED appsec."orajavsec/OracleJavaSecure" AS
For security, scroll down to the class body and assure you do not have a valid password in the
connection string. If you do, remove the password from the connection string before executing this
command in Oracle.
private static String appsecConnString =
"jdbc:oracle:thin:AppSec/
password
@localhost:1521:Orcl";
Execute the script in your Oracle client (e.g., SQL*Plus) to load the Java code into the Oracle
database. This command, as we have seen, loads the Java code into the Oracle database and compiles it.
Setting the Code to Test Server as well as Client
To compile and execute
OracleJavaSecure
on your client, that first line that we uncommented to run on
the Oracle database, needs to be commented:
//
CREATE OR REPLACE AND RESOLVE JAVA SOURCE NAMED appsec."orajavsec/OracleJavaSecure" AS
