Configuring encryption and integrity data on NET8

Hi,
I want to know for my bd Ora8i_R3 (win2k_Ad_Ser), How configure native Net8 data encryption and integrity for Oracle Advanced Security. Incluying algorithms RC4_40 (encryption) MD5 for integrity.
On Server.
On Client.

tahiti.oracle.com has all of Oracle's documentation. Search for Oracle Advanced Security and you'll get plenty of documentation.
Justin

Similar Messages

  • JDBC Thin Driver Support for Data Encryption and Integrity

    Hello JDev Team,
    I am trying to implement JDBC Thin Driver Support for Data Encryption and Integrity.
    It works fine with java.sql.Connection and java.util.Properties like in the following code:
    DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
    Properties props = new Properties();
    int level = AnoServices.REQUIRED;
    props.put("oracle.net.encryption_client", Service.getLevelString(level));
    props.put("oracle.net.encryption_types_client", "( RC4_40 )");
    props.put("oracle.net.crypto_checksum_client",Service.getLevelString(level));
    props.put("oracle.net.crypto_checksum_types_client", "( MD5 )");
    Connection conn = DriverManager.getConnection ("jdbc:oracle:thin:@localhost:1521:main", props);
    etc...
    But I am developing an application with InfoSwing components and it has a different way to connect to Oracle database using oracle.dacf.dataset.connections.Connection, like this:
    sessionInfo1.setAppModuleInfo(new ModuleInfo("bc", "BcModule"));
    sessionInfo1.setConnectionInfo(new LocalConnection("JDBCThin"));
    sessionInfo1.publishSession();
    My question is:
    Is there any way to implement DataEncryption and Integrity into this type of connection?
    Thanks a lot in advance.
    Victor Bykov
    null

    Victor,
    No, you can't do this from DAC, but I've been discussing it with the developer, and we both think this capability would be useful to have, so I've logged it as an enhancement request.
    I do have a question for you. Once you've made the JDBC connection, do you need access to the Connection object afterwards? We're thinking of how the change could be implemented, and one way would be to allow you to pass in a Properties object when creating your own NamedConnection.
    Thanks
    Blaise

  • Database connection encryption and integrity with ColdFusion and Oracle thin client

    As ColdFusion datasource we are using the Oracle thin client to  connect with the database. So, basically we are using a JDBC URL such as  jdbc:oracle:thin:@... and as Driver Class oracle.jdbc.OracleDriver. This works successfully however we would like to set encryption and  integrity parameters as well. In Java this is done similarly by setting a  Properties object prior to getting a connection as follows:
    Properties prop = new Properties();
    prop.put("oracle.net.encryption_client", "REQUIRED");
    prop.put("oracle.net.encryption_types_client", "( DES40 )");
    prop.put("oracle.net.crypto_checksum_client", "REQUESTED");
    prop.put("oracle.net.crypto_checksum_types_client", "( MD5 )");
    OracleDataSource ods = new OracleDataSource();
    ods.setProperties(prop);
    ods.setURL("jdbc:oracle:thin:@localhost:1521:main");
    Connection conn = ods.getConnection();
    Is there a way that I can pass these parameters to the ColdFusion  datasource. Ideally, I would love to do this centrally in such way that a  change to all the cfquery or cfstoredproc is not needed.
    I also know that in application servers such as Oracle AS there is an  option when creating a datasource which says "Add Properties". In there  you can add such properties. So, I was thinking of maybe creating a  JNDI DS in the app. server and then magically connecting to it but this  may have some impacts on the app.
    Besides this I was also thinking of communicating with the CF  datasource through the CF admin API (cfide.adminapi.administrator) and  also the option of extending the Oracle driver so that when CF connects  with it these params are already set.
    I would love to have your professional opinion and suggestions on this.

    I believe the thin driver actually needs the IP address (not the DNS name). Also, is "java" the name of the Oracle instance to which you are trying to connect?
    Try the following:String driver = "jdbc:oracle:thin";
    String dbIP = "W2RZ1NXG01's IP address";
    String dbPort = "1530";
    String dbSid = "java";
    String dbUser = "Admin";
    String dbPswd = "apassword";
    String cnctStr = driver + ":@" + dbIP + ":" + port + ":" + dbSid;
    try
        Class.forName("oracle.jdbc.driver.OracleDriver");
        con = DriverManager.getConnection( cnctStr, dbUser, dbPswd );
        stmt = con.createStatement();
        stmt.executeUpdate(createString);
        stmt.close();
        con.close();
    catch(SQLException ex)
        System.err.println( "The following SQLException occurred: " + ex );
        System.err.println( "Message: " + ex.getMessage() );

  • Encrypting and Decrypting Data(Its Very Urgent, Please Help.)

    Hi,
    Can anyone tell me some idea in the below mentioned details.
    Iam creating a Function for Encrypting and Decrypting Data Values using
    DBMS_OBFUSCATION_TOOLKIT with UTL_RAW.CAST_TO_RAW by using
    Key Value as normal.
    But the problem, is it possible to have the key value more than 8.
    Its showing me error when i give the key value less than 8 or more than 8.
    Can u tell me why it happens, is that the limit of the key value or is any other way to do that.
    Its Very Urgent, Please Help.
    Thanks,
    Murali.V

    Is this what you're looking for?
    Usage Notes
    If the input data or key given to the DES3DECRYPT procedure is empty, then the procedure raises the error ORA-28231 "Invalid input to Obfuscation toolkit."
    If the input data given to the DES3DECRYPT procedure is not a multiple of 8 bytes, the procedure raises the error ORA-28232 "Invalid input size for Obfuscation toolkit." ORA-28233 is NOT applicable for the DES3DECRYPT function.
    If the key length is missing or is less than 8 bytes, then the procedure raises the error ORA-28234 "Key length too short." Note that if larger keys are used, extra bytes are ignored. So a 9-byte key will not generate an exception.
    C.

  • Configure usage and health data collection sharepoint 2013

    Hi,
    I get the below error,, having checked online some seemed to suggest its related to permissions so I have given full rights to the directory to my admin account and also to IIS_ISURS accounts, any help would be appriciated.
    Sorry,
    something went wrong
    An error occurred during the
    compilation of the requested file, or one of its dependencies. Could not write
    to output file 'c:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary
    ASP.NET
    Files\root\180391dd\9373b6cd\App_Web_logusage.aspx.76acb6ce.l76xgmf4.dll' --
    'The directory name is invalid.

    Hi AG9,
    Please try disabling loopback check on your SharePoint servers, then check results again.
    See more information from below.
    http://blogs.technet.com/b/praveenh/archive/2013/04/30/sorry-something-went-wrong-error-message-when-users-try-to-navigate-to-site-collection-features-page.aspx
    Thanks
    Daniel Yang
    TechNet Community Support

  • Reading Encrypted Password from Configuration File and Decrypt it at login

    Hi All,
    My application reads a configuration file to connect to the ORACLE database. The values defined for password are clear text as given below:
    user: 'mh'
    password='abcd1234'
    Is there is any way I can give an encrypted password in the configuration file instead of a clear text file and at the time of login ORACLE decrypts it. I am using ORACLE 11g Database.
    My company have a requirement that passwords are not stored in the clear in properties files. the reason being I suppose that if the password is stored in plaintext someone could hit the property file directly, get the password and then connect to the database with it.
    For a regular user connecting through an Oracle client or SQL Developer they would need to have the plaintext password in order to connect.
    its based on the requirements of
    International Standards Organization Guidance
    ISO 17799 � 9.5.4 requires password management systems to:
    � enforce the use of individual passwords
    � allow users to select and change their own passwords if appropriate
    � enforce a choice of quality passwords
    � force regular changes of passwords
    � maintain a record of previous user passwords to prevent re-use
    � not display passwords when they are being entered
    � store password files separately from application system data
    � store passwords in encrypted form using a one way encryption algorithm
    � alter default vendor passwords following installation of software
    So if I can store the password encrypted using a one way algorithm then hacker/user couldn't decrypt it and then access the database.
    I have feeling there is a way of configuring this in Oracle advanced Security, but just can't quite get it to work.
    Edited by: user5568473 on 20-May-2013 00:05

    So if I can store the password encrypted using a one way algorithm then hacker/user couldn't decrypt it and then access the database.... and neither can your application. Encryption is needed in this case. The decryption must be written into your application. I've written my own in some cases, but finding a library for your development language is a smarter solution.
    One alternative is using an Oracle wallet. It doesn't fit every circumstance and does have some maintenance headaches.
    You can set up a basic secure password store to encrypt and store the password for a given user@instance combination, and then connect to the database without passing a password. SQL*Net adds in the appropriate password from the wallet for when you connect.
    http://www.oracle.com/technetwork/database/security/twp-db-security-secure-ext-pwd-stor-133399.pdf
    Advanced Security Option also allows you to set up a Public Key Infrastructure connections (SSL encryption and/or authentication). It also uses a wallet to store the SSL certificates and credentials. I don't have personal experience on this approach.
    SSL and the wallet allow you to connect to the database similar to CONNECT/@net_service_name or sqlplus /@net_service_namehttp://docs.oracle.com/cd/B28359_01/network.111/b28530/asossl.htm#CIHCBIEG

  • Security and encryption inside Integration Server

    Hi,
    is it possible to encrypt the entire message process INSIDE PI. I don't mean "Adapter-Inbound" or "Adapter Outbound" communication, but rather "Adapter-to-Integration Server" and "Integration-Server-to-Adapter"?
    For example, that the message payload cannot be seen in SXMB_MONI etc.
    A potential scenario are HCM payroll data exchange.
    Thanks for any idea.
    -hs

    For example, that the message payload cannot be seen in SXMB_MONI etc.
    1) Do not log the message (check the blog: /people/michal.krawczyk2/blog/2007/04/30/xipi-personalized-logging-tracing) ....monitoring may not be possible then.
    2) restrict the user from viewing the payload....adding new-users to the no-view list to be managed by the Admins
    3) Make use of java logic in adapter module to encode the message before passing it to SXMB_MONI.....not all adapters support modules...complexity increases....decoding logic at receiving end required
    4) Make use of com.sap.security.api.ssf...disadvantages same as for point 3.
    Regards,
    Abhishek.

  • Are there any tools for data encryption and decryption ?

    Hi,
    i am using oracle 9i R2, i want encrypt my data. Are there any tools available in market.
    Please let me know the ways to do data encryption and decryption.
    Thanks in advance
    Prasuna.

    970489 wrote:
    using DBMS_OBFUSCATION_TOOLKIT.Encrypt /DESEncrypt we can't secure our password...So i am looking for an another alternative.As Blue Shadow said, what are you really trying to achieve?
    Encrypting a password is itself not secure. Anything that can be encrypted can be decrypted. That is why Oracle itself DOES NOT encrypt passwords.
    Surprised??
    Here's what Oracle does with passwords, and what others should be doing if they have to store them.
    When the password is created, the presented password - clear text - is concatenated with the username. The resulting character string is then passed through a one-way hashing function. It is that hashed value that is stored. Then when a user presents his credentials to log on to the system, the presented credentials are combined and hashed in the same manner as when the password was created, and the resulting hash value compared to the stored value.

  • Oracle Replication - Encrypted Data and Oracle Data Guard

    We are working on a high availability architecture for one of our new projects. The preliminary architecture has Oracle 10g Release 2(10.2.0.2) production database (primary database) running on Solaris10 server for OLTP operations. And a production replicated database (standby database) is running on another node running on Solaris10 server for reporting, ETL data extractions etc. The plan is to implement Oracle data guard (DG) to replicate data between primary database and standby database (logical standby database). As a side note, there is going to be one to two minute time log for data synchronization between primary and standby databases.
    We need to encrypt sensitive data (like SSN, Credit Card No. etc) in the primary production database. Initially we thought this can be achieved by using Oracle Transparent Data Encryption (TDE), this is a new encryption method Oracle came up with their 10g version. But the issue here is Oracle TDE doesn’t support setting up the logical standby database (using Oracle data Guard) for reporting on the second node. I have confirmed with Oracle on this, so we are kind of stuck in the middle on this new requirement. So our next option is to look out for any third party vendors who can resolve this puzzle, and looking for your help for any suggestions.
    · Do you know any vendor who can support both data encryption and data replication for Oracle databases?
    · Do you know any vendor who can support just data encryption for Oracle databases?
    (I am thinking if we can find a vendor, we would like to ask them if they have any technical issues working with Oracle data guard for data replication and use some kind of technique to decrypt the data on the standby/reporting database.)

    You can always use the DBMS_CRYPTO or DBMS_OBFUSCATION_TOOLKIT to encrypt the data rather than using TDE. You may have to do some work on the key management side, though, but it shouldn't be too painful.
    Justin

  • Virtex6:Configuration data download to FPGA was not successful. DONE did not go high, please check your configuration setup and mode settings

    Hello,everyone.
    I am using virtex6 FPGA and trying to download mcs file to PROM and have failed.
    I download .bit file to FPGA and succeed.
    When i try to download .mcs file to PROM XCF128X-FTG64C(BPI Flash) and choose Slave SelectMAP Mode
    and the process is about 68% it fails.
    The message below the IMapct is as belows:
    done.
    PROGRESS_END - End Operation.
    Elapsed time =      0 sec.
    // *** BATCH CMD : identifyMPM
    // *** BATCH CMD : assignFile -p 1 -file "C:/Users/Administrator/Desktop/TEST/LED/led.bit"
    '1': Loading file 'C:/Users/Administrator/Desktop/TEST/LED/led.bit' ...
    done.
    INFO:iMPACT:2257 - Startup Clock has been changed to 'JtagClk' in the bitstream stored in memory,
    but the original bitstream file remains unchanged.
    UserID read from the bitstream file = 0xFFFFFFFF.
    INFO:iMPACT:501 - '1': Added Device xc6vlx240t successfully.
    INFO:iMPACT - Current time: 2014/3/13 8:48:14
    // *** BATCH CMD : Program -p 1
    PROGRESS_START - Starting Operation.
    Maximum TCK operating frequency for this device chain: 66000000.
    Validating chain...
    Boundary-scan chain validated successfully.
    INFO:iMPACT - 1: Over-temperature condition detected! [ 230.52C >  120.00C]
    1: Device Temperature: Current Reading:  230.52 C, Max. Reading:  230.52 C
    1: VCCINT Supply: Current Reading:   2.997 V, Max. Reading:   2.997 V
    1: VCCAUX Supply: Current Reading:   2.997 V, Max. Reading:   2.997 V
    '1': Programming device...
     Match_cycle = NoWait.
    Match cycle: NoWait
     LCK_cycle = NoWait.
    LCK cycle: NoWait
    done.
    INFO:iMPACT:2219 - Status register values:
    INFO:iMPACT - 0011 1111 0111 1110 0100 1011 1100 0000
    INFO:iMPACT:579 - '1': Completed downloading bit file to device.
    INFO:iMPACT:188 - '1': Programming completed successfully.
     Match_cycle = NoWait.
    Match cycle: NoWait
     LCK_cycle = NoWait.
    LCK cycle: NoWait
    INFO:iMPACT - '1': Checking done pin....done.
    '1': Programmed successfully.
    PROGRESS_END - End Operation.
    Elapsed time =     23 sec.
    Selected part: XCF128X
    // *** BATCH CMD : attachflash -position 1 -bpi "XCF128X"
    // *** BATCH CMD : assignfiletoattachedflash -position 1 -file "C:/Users/Administrator/Desktop/TEST/LED/leda.mcs"
    INFO:iMPACT - Current time: 2014/3/13 8:49:32
    // *** BATCH CMD : Program -p 1 -dataWidth 16 -rs1 NONE -rs0 NONE -bpionly -e -v -loadfpga
    PROGRESS_START - Starting Operation.
    Maximum TCK operating frequency for this device chain: 66000000.
    Validating chain...
    Boundary-scan chain validated successfully.
    INFO:iMPACT - 1: Over-temperature condition detected! [ 230.52C >  120.00C]
    1: Device Temperature: Current Reading:  230.52 C, Max. Reading:  230.52 C
    1: VCCINT Supply: Current Reading:   2.997 V, Max. Reading:   2.997 V
    1: VCCAUX Supply: Current Reading:   2.997 V, Max. Reading:   2.997 V
    '1': BPI access core not detected. BPI access core will be downloaded to the device to enable operations.
    INFO:iMPACT - Downloading core file D:/Xilinx/14.3/ISE_DS/ISE/virtex6/data/xc6vlx240t_jbpi.cor.
    '1': Downloading core...
     Match_cycle = NoWait.
    Match cycle: NoWait
     LCK_cycle = NoWait.
    LCK cycle: NoWait
    done.
    INFO:iMPACT:2219 - Status register values:
    INFO:iMPACT - 0011 1111 0111 1110 0100 1011 1100 0000
    INFO:iMPACT:2492 - '1': Completed downloading core to device.
    Current cable speed is set to 6.000 Mhz.
    Cable speed is default to 3Mhz or lower for BPI operations.
    Current cable speed is set to 3.000 Mhz.
    Setting Flash Control Pins ...
    Setting Configuration Register ...
    Populating BPI common flash interface ...
    Common Flash Interface Information Query completed successfully.
    INFO:iMPACT - Common Flash Interface Information from Device:
    INFO:iMPACT - Verification string:  51 52 59
    INFO:iMPACT - Manufacturer ID:         49
    INFO:iMPACT - Vendor ID:              01
    INFO:iMPACT - Device Code:            18
    Setting Flash Control Pins ...
    Using x16 mode ...
    Setting Flash Control Pins ...
    Setting Configuration Register ...
    '1': Erasing device...
    '1': Start address = 0x00000000, End address = 0x008CE03B.
    done.
    '1': Erasure completed successfully.
    Setting Flash Control Pins ...
    Using x16 mode ...
    Setting Flash Control Pins ...
    Setting Configuration Register ...
    INFO:iMPACT - Using Word Programming.
    '1': Programming Flash.
    done.
    Setting Flash Control Pins ...
    '1': Flash Programming completed successfully.
    Using x16 mode ...
    Setting Flash Control Pins ...
    Setting Configuration Register ...
    '1': Reading device contents...
    done.
    '1': Verification completed.
    Setting Flash Control Pins ...
    Current cable speed is resumed to 6.000 Mhz.
    '1': Configuration data download to FPGA was not successful. DONE did not go high, please check your configuration setup and mode settings.
    `Elapsed time =    814 sec.
    and i find many people have met the same thing. But they are spartan  series FPGA and i try to low the Resistances of Mode pins,M0 M1 and M2, but the problem does not been solved.
    I have read the status Registers and find there is an over-temperature state 
    and in Impact i could not readback the registers. It is strange.
    I am anxious about this problem and have not solved it yet
    What reasons may it be?
    Hope for your answer, thank you

    Hi~I want to know if you solve the configuration problem for virtex-6?
    As I encounter the  same configuration problem, I want to consult  you with some question.
    Can I have your email?
    gszakacs wrote:
    I have measured the VCCINT and find it is 1.0V, not 2.997V;
    That is not at all surprising.  I always assumed the problem is with reading the XADC (system monitor) block and not with the voltage or temperature.
    my Reference board is ML605
    That would have been nice to know at the beginning...
    It seems that you have selected the correct mode, assuming your jumpers are set as required in the ML605 Hardware User's Guide.  See table 1-27, table 1-33 and the note below it about switch S1.
    I'm not that familiar with the details of this reference design, but it may be that the slave SelectMap circuitry requires a reset or power cycle to actually configure the FPGA.  Have you tried power-cycling to see if the FPGA boots from the flash?
    I'd also suggest that you select the V6 in the JTAG chain view, then go to the debug menu of Impact and select Read Device Status (this is from memory, but it's something like that).  That will not only show the bits of the configuration status register, but also describe what each bit means.  Among other things you can check the state of the FPGA's configuration logic and the Mode pins.
     

  • Configuration of oim 10g and oam 10g.. and integrating oam10g with oid

    Hi..
    i am trying to configure OAM10g and OIM10g and integrate OAM10g with OID..
    please send me the documents if any had...
    Thanks & Regards,
    avinash

    For integrating OIM 10g with OAM 10g, refer doc below:
    http://docs.oracle.com/cd/E14899_01/doc.9102/e14761/oamsso.htm#sthref78
    For OAM and OID integration refer:
    http://docs.oracle.com/cd/E15217_01/index.htm
    regards,
    GP

  • Integrating Adobe CS6 updates into Trial to make and upto date installer

    Hi,
    As the title says i would like to create and upto date installer for cs6 so that i can install it when i need to with all the updates already integrated rather than have to download them each time.
    1) Is this possible
    2) if it is, how do i go about it?

    Where applicable, the apps are already the updated versions. Beyond that there is no way to rig this differently AFAIK. Some updaters are patch installers that check and are dependent on existing full install while at the same time actualyl removing faulty components and it would be a nightmare to just create a custom install package for that.
    Mylenium

  • Diffrence btw configurable and master data?

    can anyone pls tell me the difference between configurable data and master data?
    thanks
    Edited by: tracey_hrecc6.0 on Sep 30, 2010 5:20 PM

    Configuration Data is what is created by the people who work on the software (an example would be the data created in various tables while creating Periodic Work Schedule Rules and the DWS & PWS behind them)
    while the Master Data is what is created by the users of the software (an example would be the data created when a user saves the IT0007 that identifies what Periodic Work Schedule Rule an employee is assigned to).

  • My Firefox will not open unencrypted data, when there is a page with encrypted and non encrrypted data

    When I try to review a page, I get a message that some of the info is encrypted and some isn't, then it only shows half the information. how do I get it to show all thee info on the page?

    Start Firefox in <u>[[Safe Mode]]</u> to check if one of the extensions is causing the problem (switch to the DEFAULT theme: Firefox (Tools) > Add-ons > Appearance/Themes).
    *Don't make any changes on the Safe mode start window.
    *https://support.mozilla.com/kb/Safe+Mode
    *https://support.mozilla.com/kb/Troubleshooting+extensions+and+themes

  • E-Recruiting - active on both central ECC + Standalone box and integrated?

    Hi,
    Can someone tell me if the following landscape is possible with E-rec? (we are installing ehp4)
    a) Our central ECC system with the E-Rec component activated. Used for internal recruiting.
      +
    b) A standalone E-Rec box , connected and integrated via ALE to the above central ECC system. Used for external recruiting.
    So we now have have E-rec activated on both systems with the standalone one integrated into the ECC6 one where E-rec is also active.
    Will we have all the functionality of E-Rec/Talent Mangement availalble in this landscape? Will the manager via the Recruiter business packages and MSS be able to use all functionality seemlesly with all data merged between the systems? Do you think all BI reporting on E-rec will work as it suppose to?
    We want to be able to integrate and use the data from both systems as a single unit with standard SAP functionality. We only want to physically seperate where the external and where the internal users log on to.
    Thanks

    Hello,
    My suggestion to you would be to have the ECC server upgraded to EHP4, activate E-Recruiting and have it inside the firewall as the back-end server. Recruiters and Managers accessing through portal will access this system. You will have the other server as the front-end server with E-Recruiting. Candidates will update their information in this front-end server, which will in turn update the back-end server through an RFC. This can be achieved through configuration if you check in SPRO.
    There is no such thing as external recruiting or internal recruiting to some extend. What you have is external and internal candidates in the same talent pool. It is when you post to candidates where you can select whether you want internal candidates only to apply or external candidates. The external will not see internal postings and vice-versa when they search for jobs. External candidates will login from the internet while internal candidates will login from the portal. Your candidate's information will be residing in both systems but the backend will be updated through an RFC.
    In this case the BI will work as normal. I hope this will help you - but this is my opnion.
    Best Regards,

Maybe you are looking for