ODAC using Security Bridge

Discussion of open issues, suggestions and bugs regarding ODAC (Oracle Data Access Components) for Delphi, C++Builder, Lazarus (and FPC)
applespring

Post by applespring » Mon 06 Mar 2017 07:14

Hello

MyDAC has a property called "IOHandler", through which we can connect a Security Bridge component for an SSH/SSL connection.

For ODAC, I cannot find such a property. How can an ODAC OraSession connect to Oracle through SSH/SSL using Security Bridge components?

Thanks

MaximG
Devart Team

Re: ODAC using Security Bridge

Post by MaximG » Thu 09 Mar 2017 09:20

ODAC components do not include the "IOHandler" property. This is because Oracle provides its own encryption methods:

http://docs.oracle.com/cd/B19306_01/net ... m#BBJBIECD

However, if for any reason this functionality does not suit you, you can use an SSH/SSL tunnel to work with Oracle Database. To create such a tunnel, you can use Security Bridge or any other third-party software tools.

applespring

Re: ODAC using Security Bridge

Post by applespring » Fri 10 Mar 2017 22:48

Hello

The SSH tunnel works technically, but it failed the security review.

Since very confidential and private customer data is being accessed, security is the top requirement.

The customer has set up the SSH server as a gateway, and all access must be logged. Through this SSH server gateway, you can establish channels to all the servers in their network.

Using port forwarding, we can connect through the gateway to the desired server in the secure zone, but since the port is also open to any other application, we cannot prevent others from using that port.

Say, a virus or hacker can also detect such a port and access this confidential data through the SSH server connection established by us.

What's more, since we need to map each server in the network to a local port, this means exposing the customer's complete security zone to others, on our responsibility.

So, following the security review, we would like ODAC to expose the IOHandler property in the same way as MyDAC, with the following benefits:
1. Connect-on-demand, disconnect-after-usage.
2. Most importantly, such an SSH channel can only be used by our applications.

Is it possible?

MaximG
Devart Team

Re: ODAC using Security Bridge

Post by MaximG » Tue 14 Mar 2017 14:23

With proper configuration of SSH port forwarding you can reduce the risk of unauthorized access to a minimum, if in the SSH client parameters you set a rule so that connections to it are only allowed from local applications (connection to localhost). We still have not implemented this functionality in ODAC due to the low interest of our customers, who often prefer to use the native solutions offered by Oracle. In any case, we will consider adding the possibility of working with IOHandler in ODAC. To assess the importance of such an implementation, please leave your vote at our UserVoice service: https://devart.uservoice.com/forums/104 ... 915-oracle
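
A check a reviewer could run against the localhost-only forwarding discussed in this thread, as an added example that is not part of the original posts and not Devart code: it parses `ss -ltn` output and reports whether each forwarded port listens on loopback only. The port numbers and the sample output are constructed assumptions.

```python
import ipaddress

# Constructed sample of `ss -ltn` output (not from the thread); ports are hypothetical.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128        127.0.0.1:15210      0.0.0.0:*
LISTEN 0      128            [::1]:15210         [::]:*
LISTEN 0      128          0.0.0.0:15211      0.0.0.0:*
LISTEN 0      128                *:15212            *:*
LISTEN 0      128    127.0.0.53%lo:53         0.0.0.0:*
"""


def parse_listeners(ss_output):
    """Yield (address, port) for every LISTEN row of `ss -ltn` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skips the header row and anything malformed
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and scope id
        yield addr, int(port)


def is_loopback(addr):
    """True only when the bind address is a loopback address."""
    if addr == "*":  # wildcard bind: reachable on every interface
        return False
    return ipaddress.ip_address(addr).is_loopback


def audit_forwards(ss_output, forwarded_ports):
    """Map each forwarded port to 'loopback-only', 'exposed' or 'not-listening'."""
    result = {port: "not-listening" for port in forwarded_ports}
    for addr, port in parse_listeners(ss_output):
        if port not in result:
            continue
        if not is_loopback(addr):
            result[port] = "exposed"  # one non-loopback listener is enough
        elif result[port] != "exposed":
            result[port] = "loopback-only"
    return result


if __name__ == "__main__":
    ports = [15210, 15211, 15212, 15213]
    for port, status in audit_forwards(SAMPLE_SS, ports).items():
        print(port, status)
```

A `loopback-only` result means other hosts cannot reach the forward; processes running on the same machine can still connect to it.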
