How to disable EZConnect connections?

Anyone run into this problem yet - EZConnect apparently bypassing SSL-tunneling software?
My situation:
I have been using Oracle nearly ten years. I'm been on 10gR2 since 2005.
My sqlnet.ora file (on server and all clients) has the following entry: NAMES.DIRECTORY_PATH=(TNSNAMES).
This leads me to assume that ONLY connections made using that method are permitted to connect.
I connect from my clients (PCs and Linux web servers) to the Oracle server through an SSL-tunnel created by STunnel, an open-source encryption package. The clients all have Oracle Instant Client installed.
The TNS_ADMIN enviroment variable is set on all clients to point to the directory where I placed the sqlnet.ora and tnsnames.ora files.
Everything has worked fine, and the SQL*Net transmissions are encrypted by STunnel in transit to and from the Oracle server. This I verified by using tcpdump.
When I turn off STunnel on either end, I get TNS error messages, which is expected and good.
The goal is to encrypt the SQL*Net transmissions.
I recently installed the early adopter SQL Developer Data Modeling tool on my PC. This is a standalone application. The connection options do not include TNS (unlike the base SQL Developer tool).
I was able to connect my normal way, through my STunnel configuration.
However, I decided to try the EZConnect syntax and to my horror, got right through to the Oracle server, bypassing STunnel, and apparently igoring my server-side sqlnet.ora file.
I then tried the EZConnect syntax to try connecting from SQL*Plus on a client to the server. This failed, which is expected and good.
I then tried the EZConnect syntax on plain old SQL Developer, and once again got right through to the Oracle server, bypassing STunnel, and apparently igoring my server-side sqlnet.ora file.
How and why is my server-side NAMES.DIRECTORY_PATH configuration being ignored?
I opened a TAR the other day, SR 7137162.993. Any Oracle employees with access, please check it out.
So, to sum up:
1) EZConnect works from the Java client applications, even though it is not specified in the server-side sqlnet.ora file.
2) EZConnect does NOT work using SQL*Plus from any client (Good!)
3) The Java client apps probably connect using JDBC? I searched their installation directories looking for config files in which connection string parameters were set, but found none.
4) EZConnect is a very insecure connection method as it appears to bypass third-party encryption tools.
It may be that I missing some configuration item somewhere.
No, my organization is not going to license the Advanced Security option just to get Oracle-configured SSL capability.
Thanks for any insight anyone can provide.
Ken Banyas

In general, connections that use a thin (type 4) JDBC driver will bypass the tnsnames.ora and sqlnet.ora files because they don't need those files to exist. One of the primary benefit of the type 4 JDBC drivers is that the Java code's connection string is fully specified in Java and doesn't depend on configuration files outside the JVM. So I wouldn't be surprised that any Java-based application could use the EZConnect syntax.
It is not obvious to me, though, why EZConnect would bypass any SSL tunnel that you had established. Assuming that you've instructed your client to send all traffic on a particular port going to a particular IP address to use a tunnel, I'm not sure why (or how) EZConnect syntax would bypass that. I would tend to expect that the problem was with the SSL tunnel configuration but perhaps I'm missing something on the network side.
Justin

Similar Messages

  • How to disable gprs connection on BB 8900?

    Hi,
    Anybody knows how to disable gprs connection on BB 8900?
    I don't want to get connected to gprs accidentally w/o knowing...
    Thanks!

    Sure I can! Please follow the steps below:
    From the home screen on the BlackBerry click Options > Mobile Network and then change Data Services to Off.

  • How to disable auto connect feature in SQLDeveloper's connections manager

    Hi Guys,
    I work with SQLDeveloper 2.1.1 (Patch 1)
    It attempts to connect to the target always after you Right click on saved connection from within the connections' manager list.
    Does any one know how to disable that auto connect feature in SQLDeveloper?
    Any help would be appropriated.
    Cheers!!

    Hi, a good question:
    Here's my list of extensions installed:
    - Open Insider View (4thelephant) Insider SQLDeveloper
    - Oracle SQLdeveloper data modeler viewer
    - Oracle SQLdeveloper Migrations - MS Access
    - Oracle SQLdeveloper Migrations - MySql
    - Oracle SQLdeveloper TimesTen
    - Versioning support.
    That's all what i can see in extensions window.
    Cheers!!
    eMarcel

  • How to disable auto connecting to internet?

    Hi, I have some problems with nokia n97 mini. The problem is auto connectig to internet, then i disable active connections, after ~30 seconds it auto connects again. So how disable this ?
    Thanks.

    menu,settings,connectivity,admin settings,packet data and select when needed
    this shoulrd stop this
    also as pointed out above if you have an email client or app that requires connection tjese would have to be removed
    If  i have helped at all a click on the white star below would be nice thanks.
    Now using the Lumia 1520

  • How to disable Spotify Connect

    So, I have a question. How can I disable Spotify Connect??? Me and my brother share the same Spotify Premium account. But, the thing is, we can't listen to music at the same time, each of us on our respective iphone, cause whenever I choose a song on my iphone, his iphone stops playing his song. Even if we choose our devices on that Spotify Connect page. It just does not work. So, is there a way, any way, to disable this Spotify Connect? It's really bugging me.

    hi , there is no way to disable Spotify Connect, and sharing accounts is against Spotify's terms of service. My recommendation is to look at signing up for a family plan instead: https://www.spotify.com/family/

  • How to disable network connections for an application

    Hi to all,
    I would like to know if there is any way a user can disable network connections for a specific application.
    Thank you,
    Xwang

    Yes, but I would like to block only a specific application, not all the traffic from the PC.
    I've found this "solution" which uses iptables on the net:
    "Add a group to your system (I use nonet myself), then add a rule to your output chain like this: -A OUTPUT -m owner --gid-owner nonet -j REJECT --reject-with icmp-net-unreachable Run the program for which you know in advance that you want to block, with sg (sg nonet "your_prog your_args")."
    Do you think is it right?
    Another suggestion was to use unshare to call the program disabling the net for that program only.
    The problem is that unshare is runnable only by root so, in case, I should turn on its setuid flag in order to execute the program as a normal user, but I don't know if it is safe to do that.
    Last edited by Xwang (2014-10-11 08:06:16)

  • How to disable the "Connect to Second Node" task of the Windows Server 2012R2 and run a customized verision of this task?

    I am running a customized ICT. When I am running the ICT on a single node cluster, it is automatically detecting the if remote node is present? I need to disable this feature of ICT and tweak it to have a customized version of this. How to disable this
    task?

    Hi Sounak Ghosh,
    You can customize the ICT by the following KB:
    Windows Storage Server 2012: Planning and Deployment
    https://technet.microsoft.com/en-us/library/jj643306.aspx?f=255&MSPPError=-2147217396
    Server Manager Extension Schema
    https://technet.microsoft.com/en-us/library/hh825683.aspx
    I’m glad to be of help to you!
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • How to disable "This Connection is Untrusted" warning in firefox using shell or perl script running on Linux Platform

    We have QA automation jobs that invoke user interface tests in Firefox running on a virtual Linux host.
    My tests perform regression, but I'm held up because of the Firefox This Connection is Untrusted warning.
    My current requirement is to ignore this connection untrusted warning, which comes up when accessing an HTTPS website and i want this to be disabled through either a shell or a Perl script.
    I can do this manually using the steps below, but this will not work for my current problem since the virtual Linux hosts are created dynamically on submission of automation jobs.
    Go to Tools > Options > Advanced "Tab"(?) > Encryption Tab Click the "Validation" button, and uncheck the checkbox for checking validity.
    Is there any Perl or shell script that disables this certificate warning?

    There might be an add on to accomplish this:
    *[https://addons.mozilla.org/en-US/firefox/addon/skip-cert-error/ Skip Cert Error]
    However if we cannot find a solution there might be another place for support:
    *[https://support.mozilla.org/en-US/kb/where-go-developer-support Where to go for developer support]

  • How to disable People Connection services in WebCenter 11g Spaces

    Hi everyone,
    We have installed and configured WebCenter 11g (11.1.1.2.0). People Connection is installed by default. One of the requirements is to disable the People Connection service in our customer's production environment.
    Is there anyway to disable the People Connection Tab or part of the services such as Connections, Activity Stream and Feedback?
    Thanks in advance.
    Johnny

    Did you try this...
    Login to WebCenter spaces as and Administrator (weblogic), navigate to >> Administration >> Security >> Roles Tab.
    There you can check/uncheck People Connections. From the window it states, "Application roles determine what users can see and do in WebCenter Spaces. Select or clear the check boxes to configure role permissions or click Create Role to define a new application role. The Spaces-User role is the default role assignment for any user who logs in to WebCenter Spaces. The Public-User role represents any user who is not logged in."
    If you uncheck it for the Public-user and Spaces-User role, your users should not be able to use People Connections.

  • How to disable "This connection is untrusted" ?

    I just installed a fresh windows xp on my pc and I'm using the latest FF 26.0,but from the start i cant get to some pages,like in youtube,some pages doesnt come up and i get the "This connection is untrusted" page,in the technical details it says "youtube.com uses an invalid security certificate,the certificate is not trusted because no issuer chain is provided.(Error code:sec_error_unknown_issuer).
    also when i open FF add-ons manager tab Extensions,Appearance,Plugins and Services are ok but the Get Add-ons tab is not working,i get the same page as i stated above with the same technical details (instead of youtube.com it's services.addons.mozilla.org) and same error.
    I've tried all solutions on the web and on this forum like reset FF, adjust time & date, using the "Skip cert error" add-on, deleting the cert8.db file, and so on - none of them helped me with this problem.
    If it helps i use Avast! antivirus and window firewall,no other software on that pc.
    I'm pretty clueless about what else i can do,any suggestion that might help?
    Thanks!

    Finally solved the problem...
    when I found out with your help cor-er, that the issuer of the certificate is netscape i figured it has something to do with my internet provider, since im using special provider that blocks "adult" sites and other harmfull sites,i needed to add a certein certificated from my provider's web site,after doing so all problems were gone immidiatly.
    Thank you so much for the quick respond and all the help!

  • Disable webex connect

    Hi.
    I set up Jabber for connection to Unified Presence server, but when Jabber starts, tries to open go.webex.com/...(I see it on Wireshark and on proxy firewall) Therefore it always displays a window with request of login and password for our proxy server.
    Can someone advise how to disable webex connect in Jabber?

    Are you sure you have installed Jabber and not the webex connect client (which will automatically connect to webex connect cloud services).
    In Jabber, before you sign in, you have the choice to choose between server types:
    =============================
    Please remember to rate useful posts, by clicking on the stars below. 
    =============================

  • How do I disable "this connection is untrusted" I visit the same web site mutiple times in a day visit I get this same error, these are trusted sites within my work

    How do I disable "this connection is untrusted" I visit the same web site mutiple times in a day and every visit I get this same dam error, these are trusted sites within my work environment. This is getting really old, and I am thinking that I should just uninstall, which is a pity becuase I do like firefox

    Okay, before you copy 'n paste canned responses, you should read the post first.
    '''The date & time on my computer is correct''' I've already checked this.
    '''I don't give a damn why the site is untrusted''', I probably know why in fact (behind corporate proxy server).
    As for exporting a known good certificate from another browser, sure good idea, but it doesn't seem to work. I tried exporting from IE, Firefox did the import without complaint, but it still complains. At any rate, I don't care about that. '''I just want to permanent disable it for ALL SITES for ALL TIME'''. Is that too much to ask for?
    Judging by the number of posts on this topic, apparently I am not the only one complaining about this.

  • HT204023 How to disable personal hotspot.i upgraded to ios6 since then personal hotspot is showing connecting but it hasnt.there is no on off option.

    PLease help.How to disable personal hotspot.i upgraded to ios6 since then personal hotspot is showing connecting but it hasnt.there is no on off option.

    I'm using other gadget and wifi tethering works (hotspot)fine.
    Already consult with cellular provider and they confirmed that the problem might be on device.
    Do you think upgrading the ios might solve the problem?

  • How to disable Notification sound on windows 7 after I connected iphone 5 by USB?

    Just got my iphone 5, everything was fine until this afternoon. I connected the iphone 5 by USB to windows 7. Now windows 7 will make the same notification sound when my iphone 5 got a email, sms, whatever notification it going. It is so annoying and it did not happen before. Anyone know how to disable the notification sound on windows 7 side? Thank you

    Just got my iphone 5, everything was fine until this afternoon. I connected the iphone 5 by USB to windows 7. Now windows 7 will make the same notification sound when my iphone 5 got a email, sms, whatever notification it going. It is so annoying and it did not happen before. Anyone know how to disable the notification sound on windows 7 side? Thank you

  • HT201210 hai.can i check with u..i forgot my password..n its stated phone disabled n connect to itunes..so how do i continue from here..n is my data still in my phone..thanks

    hai.can i check with u..i forgot my password..n its stated phone disabled n connect to itunes..so how do i continue from here..n is my data still in my phone..thanks

    If You Are Locked Out Or Have Forgotten Your Passcode
    iTunes 10 for Mac- Update and restore software on iPod, iPhone, or iPad
    iPhone, iPad, iPod touch: Wrong passcode results in red disabled screen
    iOS- Understanding passcodes
         If you have forgotten your Restrictions code, then follow the instructions
         below but DO NOT restore any previous backup. If you do then you will
         simply be restoring the old Restrictions code you have forgotten. This
         same warning applies if you need to restore a clean system.
    A Complete Guide to Restore or Recover Your iDevice (if You Forget Your Passcode)
    If you need to restore your device or ff you cannot remember the passcode, then you will need to restore your device using the computer with which you last synced it. This allows you to reset your passcode and re-sync the data from the device (or restore from a backup). If you restore on a different computer that was never synced with the device, you will be able to unlock the device for use and remove the passcode, but your data will not be present. Refer to Updating and restoring iPhone, iPad and iPod touch software.
    Try restoring the iOS device if backing up and erasing all content and settings doesn't resolve the issue. Using iTunes to restore iOS devices is part of standard isolation troubleshooting. Restoring your device will delete all data and content, including songs, videos, contacts, photos, and calendar information, and will restore all settings to their factory condition.
    Before restoring your iOS device, Apple recommends that you either sync with iTunes to transfer any purchases you have made, or back up new data (data acquired after your last sync). If you have movie rentals on the device, see iTunes Store movie rental usage rights in the United States before restoring.
    Follow these steps to restore your device:
         1. Verify that you are using the latest version of iTunes before attempting to update.
         2. Connect your device to your computer.
         3. Select your iPhone, iPad, or iPod touch when it appears in iTunes under Devices.
         4. Select the Summary tab.
         5. Select the Restore option.
         6. When prompted to back up your settings before restoring, select the Back Up
             option (see in the image below). If you have just backed up the device, it is not
             necessary to create another.
         7. Select the Restore option when iTunes prompts you (as long as you've backed up,
             you should not have to worry about restoring your iOS device).
         8. When the restore process has completed, the device restarts and displays the Apple
             logo while starting up:
               After a restore, the iOS device displays the "Connect to iTunes" screen. For updating
              to iOS 5 or later, follow the steps in the iOS Setup Assistant. For earlier versions of
              iOS, keep your device connected until the "Connect to iTunes" screen goes away or
              you see "iPhone is activated."
         9. The final step is to restore your device from a previous backup.
    If you can not restore your device then you will need to go to recovery mode.
    Placing your device into recovery mode:
    Follow these steps to place your iOS device into recovery mode. If your iOS device is already in recovery mode, you can proceed immediately to step 6.
         1. Disconnect the USB cable from the iPhone, iPad, or iPod touch, but leave the other end
             of the cable connected to your computer's USB port.
         2. Turn off the device: Press and hold the Sleep/Wake button for a few seconds until the
             red slider appears, then slide the slider. Wait for the device to turn off.
              If you cannot turn off the device using the slider, press and hold the Sleep/Wake
              and Home buttons at the same time. When the device turns off, release the Sleep/Wake
              and Home buttons.
         3. While pressing and holding the Home button, reconnect the USB cable to the device.
             The device should turn on. Note: If you see the screen pictured below, let the device
             charge for at least ten minutes to ensure that the battery has some charge, and then
             start with step 2 again.
         4. Continue holding the Home button until you see the "Connect to iTunes" screen.
             When this screen appears you can release the Home button.
         5. If necessary, open iTunes. You should see the following "recovery mode" alert:
         6. Use iTunes to restore the device.
    If you don't see the "Connect to iTunes" screen, try these steps again. If you see the "Connect to iTunes" screen but the device does not appear in iTunes, see this article and its related links.
    Additional Information:
    Note: When using recovery mode, you can only restore the device. All user content on the device will be erased, but if you had previously synced with iTunes on this computer, you can restore from a previous backup. See this article for more information.

Maybe you are looking for

  • Mozilla Firefox 20.0.1 keeps crashing for weeks on end

    Ever since 2 or 3 updates ago, my Firefox browser has been crashed every 15 minutes. I have sent numerous crash reports to Mozilla, yet they don't take any action whatsoever to fix the problem. I even submitted my email for them to get back in touch

  • ICloud Deleted a document from all my devices and I didn't want it to. Help!?

    I just upgraded my ipad and my mom's ipad to IOS5 a few days ago and I linked them both the the iCloud. What I didn't anticipate is that when I chose to allow the iCloud to work for my documents in pages, it suddenly transfered the files from my mom'

  • Kernel Panic, when i was watching youtube Videos or NetFlix./ Cuando veo videos en youtube o Netflix entra en Kernel Panic.

    I have a problem with using flash in Firefox. to be watching a movie in flash (netflix) or videos on youtube, my macbook overheats and goes into "Kernel Panic". I have 2.5 GB of RAM and my mac is intel core 2 duo 2.16. Before I went this problem and

  • Can't stop Pop up ads on yahoo home page

    Hi, I have 3GS with latest 4.3.3 os.  Last couple of days, every time I open yahoo home page (uk.m.yahoo.com) I get pop up ad at bottom of the page. Clicking on the close button only removes it to a tap that appears at edge of screen. If I open the a

  • Consigenment

    Hi Gurus I have a problem that i have taken 3 company's outlet under consignment scenario can i transfer the the special stock of 1st outlet to the 3rd / 2 nd outlet without picking it up in the plant plz heip healful ans will be rewarded plz plz plz