Advanced Security -TDE - Encrypted Tablespace Question

In discussions regarding the move of existing objects from a non-encrypted tablespace to a TDE tablespace, all relevant text, e.g. [TDE Best Practices|http://www.oracle.com/technology/deploy/security/database-security/pdf/twp_transparent-data-encryption_bestpractices.pdf], states that the objects should be exported from the non-encrypted tablespace and then imported into the encrypted tablespace. After which the old tablespace should be dropped, wiped, etc.
I'm just wondering if there is a reason that we couldn't use an ALTER TABLE..MOVE operation instead. If not, specifically, why not?
Thanks,
-Joe

Oracle Docs at followng link says..
http://download-uk.oracle.com/docs/cd/E11882_01/network.112/e10746/asotrans.htm
" You cannot encrypt an existing tablespace. However, you can import data into an encrypted tablespace using the Oracle Data Pump utility. You can also use SQL commands like CREATE TABLE...AS SELECT...or ALTER TABLE...MOVE... to move data into an encrypted tablespace. The CREATE TABLE...AS SELECT... command enables you to create a table from an existing table. The ALTER TABLE...MOVE... command enables you to move a table into the encrypted tablespace.
So you can do Alter table move too.

Similar Messages

  • When turning on Advanced Security Network Encryption tnsping fails

    Hi people,
    I'm installing Advanced Security Network Encryption in my server (RHEL 3), I've configured my sqlnet.ora as follows:
    SQLNET.CRYPTO_CHECKSUM_SERVER = REQUIRED
    SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = MD5
    SQLNET.ENCRYPTION_TYPES_SERVER= (RC4_256)
    SQLNET.ENCRYPTION_SERVER = REQUIRED
    SQLNET.CRYPTO_SEED = "abcdefg"
    After that, tnsping do not work anymore, I'm getting TNS-03505 - "Failed to resolve name".
    If I remove Adv. Security configuration tnsping become normal.
    Do anybody knows what can it be?
    Thanks in Advance
    André Teixeira

    Are you running tnsping from the server to itself? Or from the client? Has Advanced Security been configured on the client?
    Justin
    Distributed Database Consulting, Inc.
    http://www.ddbcinc.com/askDDBC

  • Is it possible to perform network data encryption between Oracle 11g databases without the advance security option?

    Is it possible to perform network data encryption between Oracle 11g databases without the advance security option?
    We are not licensed for the Oracle Advanced Security Option and I have been tasked to use Oracle Network Data Encryption in order to encryption network traffic between Oracle instances that reside on remote servers. From what I have read and my prior understanding this is not possible without ASO. Can someone confirm or disprove my research, thanks.

    Hi, Srini Chavali-Oracle
    As for http://www.oracle.com/technetwork/database/options/advanced-security/advanced-security-ds-12c-1898873.pdf?ssSourceSiteId… ASO is mentioned as TDE and Redacting Sensitive Data to Display. Network encryption is excluded.
    As for Network Encryption - Oracle FAQ (of course this is not Oracle official) "Since June 2013, Net Encryption is now licensed with Oracle Enterprise Edition and doesn't require Oracle Advanced Security Option." Could you clarify this? Thanks.

  • Advanced Security question

    I hope I'm asking this question right. Do any of you know if Advanced Security supports IOS module 12.4 13 on a 2811?

    Hi,
    For your first question about exception list: If Windows Firewall is blocking a program and you want to allow that program to communicate through the firewall, you can usually do that by selecting the program in the list of allowed programs (also called
    the exceptions list) in Windows Firewall.
    For the second question, that means Firewall allow your Skype to communicate through Firewall.
    You can add items manually, or just choose following settings after installing or configuring first open network app:
    Eg.
    Kate Li
    TechNet Community Support

  • Comparing performance between TDE encryption and no encryption

    Hi all,
    How can i check, how much database resource (%CPU, Time elapsed) increased when using TDE encryption.
    Thank you!
    Dan.
    Edited by: Dan on Jul 10, 2011 10:13 PM

    The performance implications of using TDE are going to depend on a number of factors including
    - The version of Oracle
    - The hardware available (in particular whether hardware acceleration is available for encryption)
    - Whether you are using tablespace encryption or column-level encryption
    - If you are using column-level encryption how many columns you are encrypting
    - What sort of workload your system is doing.
    - Where your system bottlenecks today without encryption
    Without knowing those things, it's hard to narrow down the answer to somewhere between 0 and 50% which is, obviously, far too large a range to be meaningful.
    On the one hand, the worst case is probably represented by this test case where you're using column-level encryption of one column of a two column table in 10.2 and doing single-row inserts and deletes. Those operations are already heavily CPU bound and, since you're using column-level encryption, the data has to be encrypted and decrypted every time it goes into or out of the SGA. If you were using tablespace-level encryption, the data would only need to be encrypted and decrypted when it is read from or written to the disk which would be far faster in for this test case. Later versions of Oracle also tend to be more efficient.
    On the other hand, if you're using 11.2 with the most recent patches and you've got hardware acceleration, Oracle is happy to trumpet the [urlhttp://www.oracle.com/technetwork/database/options/advanced-security/index-099011.html]near-zero performance impact of TDE.
    Most people live somewhere between these two extremes but it's hard to guess where your particular application falls. I would guess that most people would see something like a 10-15% increase in CPU consumption but that's just a wild guess based on a relatively small sample of systems.
    Justin

  • About TDE encryption feature of oracle

    Hi All,
    I am facing problems while checking this feature of Encryption,
    I created in database1, table1 with user1, coulum1 in the table1 was with encrypt keyword as follows.
    create table table1(ID number(3), PHONE number(11) encrypt);
    Inserted some rows and selected those rows, it shows them successfully, Ideally it should show the actual data for user1.
    gave the select permission to user2 from user1 for table1 as follows:
    grant select on table1 to user2;
    Now logged in with user2 to same database1.
    now when I query the database for table1 as follows:
    select * from database1.table1;
    It shows all the rows successfully, Ideally it should NOT show the actual data for user2.
    Can someone please tell me the solution or explain me the procedure to test it properly.
    Thanks in advance,
    Nikhil Joshi.

    TDE encrypts data when it is on disk "at rest". If a user has SELECT access to the data in question, TDE will transparently (hence the T) decrypt the data. TDE will never present any user with encrypted data-- either the user does not have privileges to select the data in the first place or they do and TDE will decrypt it.
    If you want to limit what data a particular user can access, you'd either want to do that conventionally by, for example, creating a view on the table that does not have the phone number and only granting access on that view to user2. Or, assuming you're using 11.2, you could create a VPD policy that limits what columns a particular user can see. A VPD policy would generally make sense if you wanted to allow user2 to see the phone number for some rows but not others.
    Justin

  • Take a Schema Dump of 11 g Db located in encrypted tablespace

    Hi All,
    I have a schema where all the tables are residing in encrypted tablespace.
    When I try to take Schema dump ,it gives me an error that Table resides in encrypted
    tablespace and will not be exported.
    How will I be able to take the schema dump?Please advice.
    Thanks in Advance,
    Krishna

    Hi Madrid,
    Yeah you are correct I TDE is being used.I have the encryption key and the wallet password. Can you point me to the syntax to take the schema dump using these parameters.Also who will be the privileged user to take the dump?
    I tried to search but was in vain.
    Thanks ,
    Krishna

  • Goldengate 11.1.1.1 Oracle 11.2 Encrypted tablespace

    Please advise why this error is showing and help us on this situation
    Line: -----
    Windows 2008 x64
    Oracle 11.2.0.1 x64
    Oracle Goldengate 11.1.1.1 x64
    ++++++++++++SOURCE++++++++++++++
    sql>conn / as sysdba
    **************CREATE TABLESPACE AND TABLE********************
    CREATE TABLESPACE encrypted_ts
    DATAFILE 'd:\oradata\test\encrypted_ts01.dbf' SIZE 128K
    SIZE 15M
    AUTOEXTEND ON NEXT 20M
    MAXSIZE UNLIMITED
    LOGGING
    ENCRYPTION USING 'AES192'
    EXTENT MANAGEMENT LOCAL
    SEGMENT SPACE MANAGEMENT AUTO
    DEFAULT NOCOMPRESS STORAGE(ENCRYPT);
    CREATE TABLE TESTA
    ID NUMBER,
    NAME VARCHAR2(16 CHAR)
    LOGGING
    NOCOMPRESS
    NOCACHE
    NOPARALLEL
    MONITORING;
    cmd> mkstore -wrl d:\test\wallet -createEntry ORACLE.SECURITY.CL.ENCRYPTION.ORACLEGG
    Enter <secret> : test
    cmd>mkstore -wrl d:\test\wallet -viewEntry ORACLE.SECURITY.CL.ENCRYPTION.ORACLEGG
    ORACLE.SECURITY.CL.ENCRYPTION.ORACLEGG = test
    sql>ALTER SYSTEM SET ENCRYPTION WALLET CLOSE IDENTIFIED BY 'welcome1';
    sql>ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY 'welcome1';
    Compile dbms_internal_clkm package.
    sql>@prvtclkm.plb
    sql>GRANT EXECUTE ON SYS.DBMS_INTERNAL_CLKM TO GGS_OWNER;
    **********************************GOLDENGATE******************************************
    ggsci>dblogin userid ggs_owner, ggs_owner
    ggsci>add extract ext2ts, tranlog, begin now
    ggsci>add rmttrail D:\ggs\dirdat\ts, extract ext2ts
    ggsci>ENCRYPT PASSWORD test ENCRYPTKEY DEFAULT
    Using default key...
    Encrypted password: AACAAAAAAAAAAAEAZAMEFCPGPEOHYDHE
    ggsci>edit params ext2ts
    EXTRACT ext2ts
    USERID ggs_owner, PASSWORD ggs_owner
    RMTHOST 192.168.0.2, MGRPORT 7809
    RMTTRAIL D:\ggs\dirdat\ts
    DBOPTIONS DECRYPTPASSWORD AACAAAAAAAAAAAEAZAMEFCPGPEOHYDHE ENCRYPTKEY DEFAULT -- ???
    TABLE TESTA;
    +++++++++++++TARGET++++++++++++++++
    sql> conn / as sysdba
    **************CREATE TABLESPACE AND TABLE********************
    cmd>
    CREATE TABLESPACE ts
    LOGGING DATAFILE 'd:\oradata\test\ts.dbf'
    SIZE 15M
    AUTOEXTEND ON NEXT 20M
    EXTENT MANAGEMENT
    LOCAL SEGMENT SPACE
    MANAGEMENT AUTO;
    CREATE TABLE TESTA
    ID NUMBER,
    NAME VARCHAR2(16 CHAR)
    LOGGING
    NOCOMPRESS
    NOCACHE
    NOPARALLEL
    MONITORING;
    ************************************GOLDENGATE*****************************************
    ggsci>DBLOGIN USERID ggs_owner, PASSWORD ggs_owner
    ggsci>ADD CHECKPOINTTABLE GGS_OWNER.CHKPTAB
    ggsci>ADD REPLICAT rep1, EXTTRAIL D:\ggs\dirdat\ts, CHECKPOINTTABLE GGS_OWNER.CHKPTAB
    ggsci>EDIT PARAMS rep1
    REPLICAT rep1
    ASSUMETARGETDEFS
    USERID ggs_owner, PASSWORD ggs_owner
    MAP GGS_OWNER.TESTA, TARGET GGS_OWNER.TESTA;
    +++++++++++++TARGET+++++++++++++++
    ggsci>start replicat rep1
    +++++++++++++SOURCE+++++++++++++++
    ggsci>start extract ext2ts
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!EXTRACT - REPORT!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    2011-07-05 11:46:50 ERROR OGG-01028 ORA-06521: PL/SQL: Error mapping function
    ORA-06512: at "SYS.DBMS_INTERNAL_CLKM", line 3
    ORA-06512: at line 1.
    2011-07-05 11:46:50 ERROR OGG-01668 PROCESS ABENDING.
    Edited by: Oyunbold on Jul 7, 2011 3:25 AM
    Edited by: Oyunbold on Jul 19, 2011 6:09 PM

    Yesterday, I met the same problem. How do you solve it ? Plz, help me.
    OS : AIX 5.3
    DB : Oracle 11.1.0.7
    OGG : 11.1.1.1
    2011-09-06 15:26:56 INFO OGG-01515 Oracle GoldenGate Capture for Oracle, eora01.prm: Positioning to begin time Sep 2, 2011 6:50:49 PM.
    2011-09-06 15:26:56 ERROR OGG-01028 Oracle GoldenGate Capture for Oracle, eora01.prm: ORA-12427: invalid input value for FLAGS parameter ORA-06512: at "SYS.DBMS_INTERNAL_CLKM", line 3 ORA-06512: at line 1.
    2011-09-06 15:26:56 ERROR OGG-01668 Oracle GoldenGate Capture for Oracle, eora01.prm: PROCESS ABENDING.
    Our Extract configuration is below :
    EXTRACT EORA01
    USERID ogg, PASSWORD AACAAAAAAAAAAADAHBMDHBECUCZBPIYE, encryptkey XKEY
    DBOPTIONS DECRYPTPASSWORD AACAAAAAAAAAAAIARIXFKCQBMFIGFARA ENCRYPTKEY DEFAULT
    ENCRYPTTRAIL
    exttrail ./dirdat/ea
    EOFDELAYCSECS 50
    FLUSHCSECS 50
    DISCARDFILE ./dirrpt/EORA01.DSC, APPEND, MEGABYTES 500
    DISCARDROLLOVER AT 07:30
    TABLE TVANBT.TLF_BUYS_MISS;
    ...

  • Command to set modify Advanced Security Settings (Audit Settings for folders) on windows 2008

    Hello,
    We have requirement to modify  Advanced Security Settings (Audit Settings for folders) on windows 2008. I am looking for a command which does this job.
    I know, using group policies I can do this; in fact I had done this using group policies. However, I need to do this on number of servers which are not in domain. There are around 15 folders on which I need to enable Auditing; manual editing folder advanced
    permissions is a cumbersome job. Hence, I am looking for a command line options.
    I need to know how command can be utilised to enable Audit option on a folder. Please share a command which can do this; once I get the command, I will create a batch file for other necessary folders. (BTW, this is not a scripting question, I just need to
    know the command hence, please do not re-direct me to scripting forum)
    Manually through GUI, I am setting following.. snaps are given below
    Thanks !

    You can try using Auditpol.exe: http://technet.microsoft.com/en-us/library/cc731451%28v=ws.10%29.aspx
    This
    posting is provided "AS IS" with no warranties or guarantees , and confers no rights.   
    Microsoft
    Student Partner 2010 / 2011
    Microsoft
    Certified Professional
    Microsoft
    Certified Systems Administrator: Security
    Microsoft
    Certified Systems Engineer: Security
    Microsoft
    Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft
    Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft
    Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft
    Certified Technology Specialist: Windows 7, Configuring
    Microsoft
    Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer
    Thanks but I guess, auditpol ca be used only to manipulate system audit policies. how do I specify a folder and user in auditpol ? I could not find or understand how folder can be included with auditpol command line options.
    Thanks !

  • Conversion of postscript (converted from secure or encrypted pdf) to pdf

    I have a postscript file which has been created from secure or encrypted (opening restriction) pdf.
    Now when i use distiller to convert this postscript file to pdf then distiller cannot produce a pdf file.
    The log file contains following text:
    This PostScript file was created from an encrypted PDF file.
    Redistilling encrypted PDF is not permitted.
    %%[ Flushing: rest of job (to end-of-file) will be ignored ]%%
    %%[ Warning: PostScript error. No PDF file produced. ] %%
    1) Is there a way to convert this postscript file into pdf ?
    I have a limitation that i cannot remove security from secure pdf.
    2) Do distiller provide any settings which can be changed to convert
    this kind of ps(from secure pdf) to pdf.
    3) Can we provide password to distiller during process of conversion to
    pdf.
    4) If above methods do not work then is there a way we can
    programatically using Distiller Api's for conversion to pdf.
    Like methods 'FileToPdf' etc.
    Thanks in advance.

    I am facing a similar problem.
    My workflow dictates that I convert the input PDF job initially to PS and finally back to PDF. If the input PDF file is secure (it's not encrypted - you will still be able to open the document), the redistillation of PS to PDF fails while using Normalizer 6.0 && 9.0 libraries. If I use Normalizer 505 library, the redistillation succeeds. I have checked with the same generated PS on both Distiller 6.0 && 9.0, and both the versions fail to reconvert as well. I am a little surprised that 6.0 and 9.0 will fail to do something that 505 library manages.
    Any suggestions?

  • Oracle advanced security problem

    I have the following situation:
    Oracle 10.2.0.2.0 database running on RHEL 3.0
    Oracle advanced security is installed
    sqlnet.ora on the server
    # sqlnet.ora Network Configuration File: c:\oracle\NETWORK\ADMIN\sqlnet.ora
    # Generated by Oracle configuration tools.
    NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
    # This file is actually generated by netca. But if customers choose to
    # install "Software Only", this file wont exist and without the native
    # authentication, they will not be able to connect to the database on NT.
    SQLNET.CRYPTO_SEED = 'gkjhkh987987979'
    SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER= (MD5)
    SQLNET.CRYPTO_CHECKSUM_SERVER = required
    SQLNET.ENCRYPTION_TYPES_SERVER= (DES40, DES, 3DES112)
    SQLNET.ENCRYPTION_SERVER = required
    #SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT= (MD5)
    #SQLNET.CRYPTO_CHECKSUM_CLIENT = accepted
    #SQLNET.ENCRYPTION_TYPES_CLIENT = ("DES40,DES")
    #SQLNET.ENCRYPTION_CLIENT = accepted
    On the client I have two homes
    1. Oracle 10g client
    I can connect to the database even if there is no crypto and checksum types specified.
    2. Application which is using oracle 8 client
    if there are no crypto and checksum types I get
    ORA-12660: Encryption or crypto-checksumming parameters incompatible
    Cause: One side of the connection specified "REQUIRED" for encryption or crypto-checksumming, while the other side specified "REJECTED".
    if the slqnet.ora is
    # sqlnet.ora Network Configuration File: c:\oracle\NETWORK\ADMIN\sqlnet.ora
    # Generated by Oracle configuration tools.
    NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
    # This file is actually generated by netca. But if customers choose to
    # install "Software Only", this file wont exist and without the native
    # authentication, they will not be able to connect to the database on NT.
    SQLNET.CRYPTO_SEED = 'gkjhkh987987979'
    #SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER= (MD5)
    #SQLNET.CRYPTO_CHECKSUM_SERVER = required
    #SQLNET.ENCRYPTION_TYPES_SERVER= (DES40, DES, 3DES112)
    #SQLNET.ENCRYPTION_SERVER = required
    SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT= (MD5)
    SQLNET.CRYPTO_CHECKSUM_CLIENT = accepted
    SQLNET.ENCRYPTION_TYPES_CLIENT = ("DES40,DES")
    SQLNET.ENCRYPTION_CLIENT = accepted
    I get
    ORA-12649: Unknown encryption or data integrity algorithm
    Cause: An Oracle Advanced Security list-of-algorithms parameter included an algorithm name that was not recognized.
    Any Ideas?

    I have the following situation:
    Oracle 10.2.0.2.0 database running on RHEL 3.0
    Oracle advanced security is installed
    sqlnet.ora on the server
    # sqlnet.ora Network Configuration File: c:\oracle\NETWORK\ADMIN\sqlnet.ora
    # Generated by Oracle configuration tools.
    NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
    # This file is actually generated by netca. But if customers choose to
    # install "Software Only", this file wont exist and without the native
    # authentication, they will not be able to connect to the database on NT.
    SQLNET.CRYPTO_SEED = 'gkjhkh987987979'
    SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER= (MD5)
    SQLNET.CRYPTO_CHECKSUM_SERVER = required
    SQLNET.ENCRYPTION_TYPES_SERVER= (DES40, DES, 3DES112)
    SQLNET.ENCRYPTION_SERVER = required
    #SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT= (MD5)
    #SQLNET.CRYPTO_CHECKSUM_CLIENT = accepted
    #SQLNET.ENCRYPTION_TYPES_CLIENT = ("DES40,DES")
    #SQLNET.ENCRYPTION_CLIENT = accepted
    On the client I have two homes
    1. Oracle 10g client
    I can connect to the database even if there is no crypto and checksum types specified.
    2. Application which is using oracle 8 client
    if there are no crypto and checksum types I get
    ORA-12660: Encryption or crypto-checksumming parameters incompatible
    Cause: One side of the connection specified "REQUIRED" for encryption or crypto-checksumming, while the other side specified "REJECTED".
    if the slqnet.ora is
    # sqlnet.ora Network Configuration File: c:\oracle\NETWORK\ADMIN\sqlnet.ora
    # Generated by Oracle configuration tools.
    NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
    # This file is actually generated by netca. But if customers choose to
    # install "Software Only", this file wont exist and without the native
    # authentication, they will not be able to connect to the database on NT.
    SQLNET.CRYPTO_SEED = 'gkjhkh987987979'
    #SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER= (MD5)
    #SQLNET.CRYPTO_CHECKSUM_SERVER = required
    #SQLNET.ENCRYPTION_TYPES_SERVER= (DES40, DES, 3DES112)
    #SQLNET.ENCRYPTION_SERVER = required
    SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT= (MD5)
    SQLNET.CRYPTO_CHECKSUM_CLIENT = accepted
    SQLNET.ENCRYPTION_TYPES_CLIENT = ("DES40,DES")
    SQLNET.ENCRYPTION_CLIENT = accepted
    I get
    ORA-12649: Unknown encryption or data integrity algorithm
    Cause: An Oracle Advanced Security list-of-algorithms parameter included an algorithm name that was not recognized.
    Any Ideas?

  • Oracle Advanced Security in Developer Forms 10g (10.1.2.)

    Hi everybody,
    I have installed Oracle RDBMS 10g v.2 (10.2.0) and Developer Suite 10g (v 10.1.2) on XP platform on the same machine.
    I want to configure encryption and SSL authentication (Oracle Advanced Security) using Oracle Net Manager of Developer Suite as I have done before on Oracle Net Manager of Oracle Database Server and Oracle Client 10g as well....
    The problem is that there is no such a selection in Oracle Net Manager and i'm wondering if there is the capability to install and configure Oracle Advanced Security in Developer Suite 10.1.2..
    Is there Developer Suite 10.2. downloadable from OTN....????
    Thanks , for your interest...
    Simon

    I believe they need to be in separate folders.
    I extracted them into separate folders, then ran setup.exe from disk 1. It will ask you for the location of disk 2, enter that path and away it went.

  • Advanced Security Server /Entrust-enabled SSL

    We are expermenting to configure Advanced Security Server to work with Entrust. I had a quick look on Oracle 9i Advanced Security Server /Administrators Guide, and found a lot more detailed instructions about configuring Entrust-enabled SSL.. In addition, there are samples of how sqlnet.ora will look like. The question: Can we use 9i manual to configure Entrust-enabled SSL for Oracle 817? If we can't use the 9i manual, is there any addendum document to the Chapter 10-Enabling Entrust
    Authentication in Oracle8i Advanced Security Administrators Guide, other than CR #281745 ....
    null

    Hi Justin,
    The Visual Basic application software uses Oracle OLEDB Provider 9.2.0.7.0
    We use various classes available in OLEDB for acessing the database. For example, the connection string looks like the following:
    Provider=oraoledb.oracle; data source=oraserve; user id=myuserid; password=mypasswd;
    The application uses ADODB objects to access data.
    Hope this clarifies
    Regards,
    SAM

  • Have Effective Permissions but not showing in Advanced Security in AD UC

    I'm trying to find out where a user account is getting permissions to our Active Directory Users & Computers.  On the entire domain it has the ability to modify all properties, modify permissions, change owner, and a bunch of stuff that it
    shouldn't.  I found this out when testing and verified it with using "effective permissions".  The weird thing is, when looking at Advanced security, neither the user nor the security group it is in are explicitly given permissions anywhere
    in ADUC.  My question is:  where could it be getting these rights?  How do I find it if it's not in the Advanced Security Settings area of ADUC? 
    I know the problem is the security group and not the user account.  After I removed the user account from its security group, it no longer had the extra permissions it shouldn't have.
    TestUserA is a member of SecurityGroupA:  TestUserA has rights to all of our AD domain  (unexpected, not sure where the rights are coming from)
    TestUserA removed from SecurityGroupA:  TestUserA only has basic "read" rights to our AD domain (the desired level of permissions)
    Any help or suggestions of where to find SecurityGroupA's permissions are coming from would be helpful.  Thank you!

    Any ideas?  I would really like to know the answer to this question because there is no way for me to audit these permissions or know which other groups may be getting more permissions than expected. 
    I know for sure the user is getting permissions from SecurityGroupA.  I can clearly see using Effective Permissions that TestUserA gets added permissions in AD when I add them to this group, and the permissions get removed when no longer a member of
    this group.  It's odd to me that this group isn't explicitly listed anywhere
    in AD Security, and it isn't a member of any other groups.  Where in the world are the permissions coming from?  Viewing the Advanced Security through the mmc and running DCACLS are both useless.  The permissions are completely invisible
    to us unless we run Effective Permissions specifically against the user. 
    We are likely going to explicitly deny the group permissions since we cannot figure out how or why this group is getting permissions to AD.  This is just a quick-fix, as there still might be other security holes in our environment.

  • 8iR2 and Advanced Security Option?

    Can anyone confirm if 8iR2 (I'm downlaoding my copy now) fully implements the Advanced Security Option ... for sql*net, JDBC, and IIOP connections?
    I ask this 'coz in 8i (up to 8.1.5.0.2), even though the Advanced Security Option is 'enabled', I never got them to work and it complains of "uninstalled (or somethine like that) algorithms".

    John,
    The advance Security Option on the current release only supports the SSL protocol. The version that you have downloaded supports only "export" encryption.
    We are planning to release a full update of the ASO option to add things like kerberos authentication and others by mid June. We also plan to add the "strong encryption" capaility.
    Sorry for the delay.
    Regards,
    Josue Amaro
    Product Line Manager
    Linux Products
    Oracle Corporation

Maybe you are looking for

  • One iTunes/Apple account-2 users

    We have an iPod Touch and 1 iTunes acccount and one Apple ID. we also have 2 iPod classics as well and an iPhone with quite a few apps. I am trying to figure out the best way to go about separating or not into 2 users. iPod Touch is new and there is

  • Transfer of specific gl account balances transfer

    We want to transfer the particular GL account balances not all gl account balances.  How to transfer.  I dont find any list of selection gl accounts in F.16 or FAGLGVTR

  • ABAP for Java Developers

    Hi, I'm a Java developer that developed some Java Web Dynpro for my company. Unfortunately my boss said to me that we don't have work to do on Java Web Dynpros and told me to learn ABAP Web Dynpros. Is there any resource or quick reference for Java P

  • Old version of firefox in add remove programs

    When I originally installed Firefox on my machines it was Firefox 11 I have updated to the most recent version Firefox 16 but in Add/Remove programs is still shows Version 11. When I do a scan on my network it still shows version 11 on all my machine

  • Time Capsule not working with cable modem

    I have a WebStar modem using Cox cable internet. When I plug the ethernet cable into my Macbook directly out of the modem, I have internet. When I plug the Ethernet cable into my Time Capsule - I have no internet and the lights on the modem do not fl