ODAC and Oracle Database Security
http://www.oracle.com/technology/deploy ... index.html
How is ODAC with dealing with a server setup that has Oracle Advanced Security?
I am wanting to protect as much data (user/pass/SQL commands/etc.) from being seen on a possible deployed application. (It was designed to be internal use only, but higher-ups have changed their ideas now.)
Re: ODAC and Oracle Database Security
Hello,
Is this still the case with ODAC 10 ?
90% of our customers use direct mode. We don't want to go back to OCI clients.
We need to encrypt the communication between the application and the Oracle server, not the table contents or the database.
This is required for security reasons because we work with health organisations that have increased their confidentiality requirements.
If still not available in direct mode yet, when do you expect to add the feature? (We need it for 2018 or will have to leave the ODAC solution.)
Thank you
PS: WPA 2 wifi protocol has been cracked in 2017, demand for encrypted transmissions will skyrocket.
Re: ODAC and Oracle Database Security
Support for encryption in the Direct Mode was added in ODAC 10.0.1 (05-Apr-17) :
- Oracle Encryption in the Direct mode is supported
- Oracle Data Integrity in the Direct mode is supported
The full list of changes is available at: https://www.devart.com/odac/revision_history.html
Re: ODAC and Oracle Database Security
MaximG wrote:
- Oracle Encryption in the Direct mode is supported
- Oracle Data Integrity in the Direct mode is supported
I have seen this, but in the documentation you speak only of the TCRencriptor component, which encrypts data in tables.
We don't want to encrypt the data, only the network communication between client and server by using Oracle tcps or similar.
I really like ODAC, but this will be a requirement for us
Re: ODAC and Oracle Database Security
The description of the technologies mentioned in the previous post is available at Oracle Help Center:
https://docs.oracle.com/cd/B19306_01/ne ... m#ASOAG600
and
https://docs.oracle.com/cloud/latest/db ... ASOAG10117
ODAC does not implement, but supports these technologies in both operation modes : OCI and Direct Mode. The mentioned TCREncriptor is our implementation, therefore it is present in our documentation. Please specify the questions about Oracle Encryption and Oracle Data Integrity that should be covered in ODAC documentation.
Re: ODAC and Oracle Database Security
MaximG wrote: The description of the technologies mentioned in the previous post is available at Oracle Help Center: Please specify the questions about Oracle Encryption and Oracle Data Integrity that should be covered in ODAC documentation.
What you have implemented is "Transparent Data Encryption". It is well explained in the links you provide and allows encrypting fields in tables. Your documentation explains it well and it is certainly a great feature, but not what we want.
Our feature request is to leave the data unchanged and just encrypt the TCP communication between ODAC direct mode and the Oracle Server using SSL or TLS, as explained in the same Oracle documentation you provided, here https://docs.oracle.com/cd/B19306_01/ne ... m#CIHCBIEG
This is something Oracle has been able to do for years with SQLnet (as requested by the first user of this thread in 2009) but ODAC could not do.
This should be a feature of the TOraSession to handle encrypted data for everything sent and received between the client and server. (Not a TdataSet property for just some fields.)
Also we have hundreds of customers with individual databases and cannot start encrypting their whole databases. That's why we only want to secure the transmission, not the data.
Is there a way to officially make a feature request for this? It looks like your engineers just looked into encryption with this version 10.1, so maybe it's the right moment to ask again while they are still hot?
Feature request : Can we have SSL or TLS encryption of the client-server communication at TOrasession level ? Please ?
Re: ODAC and Oracle Database Security
You can use encryption between the client and the server using TOraSession in the Direct Mode. As we have already mentioned above, starting from the version 10.0.1 (05-Apr-17) ODAC supports Oracle Encryption ( https://docs.oracle.com/cd/E11882_01/ne ... m#ASOAG010 , section 1.2.1) and
Oracle Data Integrity ( https://docs.oracle.com/cd/E11882_01/ne ... m#ASOAG010, section 1.2.1.2 ). You can test the operability of these modes by investigating the connection between the client and the server using any convenient sniffer.
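A server-side check that complements the sniffer test mentioned above, added here as an example (it is not ODAC or Devart code): the session's `network_service_banner` rows show which Oracle Encryption and Data Integrity algorithms were actually negotiated. The banner rows below are constructed samples, and the list of prefixes reported as weak is this example's assumption.

```python
import re

# Run this in the session under test (requires SELECT on V$SESSION_CONNECT_INFO).
BANNER_SQL = """
SELECT network_service_banner
  FROM v$session_connect_info
 WHERE sid = SYS_CONTEXT('USERENV', 'SID')
"""

# A "<ALG> ... service adapter" row is listed only when that algorithm was
# negotiated; the bare "Encryption service" row is present either way.
_ADAPTER = re.compile(
    r"^(?P<alg>\S+)\s+(?P<kind>Encryption|Crypto-checksumming) service adapter\b")

# Assumption of this example: prefixes of algorithms to report as weak.
WEAK_PREFIXES = ("DES", "3DES", "RC4", "MD5", "SHA1")

def session_protection(banners):
    """Map banner rows to the negotiated encryption and integrity algorithms."""
    found = {"encryption": None, "integrity": None, "weak": []}
    for row in banners:
        m = _ADAPTER.match(row.strip())
        if m is None:
            continue
        key = "encryption" if m.group("kind") == "Encryption" else "integrity"
        found[key] = m.group("alg")
        if m.group("alg").upper().startswith(WEAK_PREFIXES):
            found["weak"].append(m.group("alg"))
    return found

def is_protected(found):
    """True only if both services are active and neither algorithm is weak."""
    return bool(found["encryption"] and found["integrity"] and not found["weak"])

# Constructed sample rows (not captured from a real server).
_V = ": Version 12.2.0.1.0 - Production"
PLAIN_SESSION = [
    "TCP/IP NT Protocol Adapter for Linux" + _V,
    "Encryption service for Linux" + _V,
    "Crypto-checksumming service for Linux" + _V,
]
NATIVE_SESSION = PLAIN_SESSION + [
    "AES256 Encryption service adapter for Linux" + _V,
    "SHA1 Crypto-checksumming service adapter for Linux" + _V,
]

if __name__ == "__main__":
    for name, rows in (("plain", PLAIN_SESSION), ("native", NATIVE_SESSION)):
        found = session_protection(rows)
        print(name, found, "protected" if is_protected(found) else "NOT protected")
```

Feed it the rows returned by `BANNER_SQL` from a Direct Mode session; a session with no adapter rows negotiated neither service.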
Re: ODAC and Oracle Database Security
Thank you Maxim,
We will configure an oracle database for encryption and do some tests asap.
Re: ODAC and Oracle Database Security
We will be waiting for your testing results.