Oracle advanced security problem

Similar Messages

• Oracle Advanced Security in Developer Forms 10g (10.1.2.)

  Hi everybody,
  I have installed Oracle RDBMS 10g v.2 (10.2.0) and Developer Suite 10g (v 10.1.2) on XP platform on the same machine.
  I want to configure encryption and SSL authentication (Oracle Advanced Security) using Oracle Net Manager of Developer Suite as I have done before on Oracle Net Manager of Oracle Database Server and Oracle Client 10g as well....
  The problem is that there is no such a selection in Oracle Net Manager and i'm wondering if there is the capability to install and configure Oracle Advanced Security in Developer Suite 10.1.2..
  Is there Developer Suite 10.2. downloadable from OTN....????
  Thanks , for your interest...
  Simon

  I believe they need to be in separate folders.
  I extracted them into separate folders, then ran setup.exe from disk 1. It will ask you for the location of disk 2, enter that path and away it went.

• EBS R12.1 with Oracle Advance Security option  - is it certified ?

  Hi,
  Environment details are below:
  EBS R12.1.1
  Oracle database version is 10g R2 (10.2.0.4) .
  OS is Solaris 10
  We are looking for an option of implementing Oracle advanced security option (ASO) .But want to know if its certified with EBS R12.1.1 / 10g R2 database.
  I checked few links but I'm not clear if its certified.
  http://blogs.oracle.com/stevenChan/2008/07/10gr2_10204_certified_with_apps_11i.html
  from the above link i understand its certified on 11i (11.5.10 CU2 only)
  <<Advanced Security Option / Advanced Networking Option (ASO / ANO) (11.5.10.CU2 only)>>
  Dees anyone know about this certification. If you have any pointers please let me know.
  Thanks for your time.
  Note : ASO is certified with 11g database. 11gR1 but I'm looking for 10g R2 (10.2.0.4)
  http://blogs.oracle.com/mt/mt-search.cgi?blog_id=101&tag=EBS%2012&limit=20
  Cheers,
  sbs
  Edited by: sbs on Oct 14, 2009 5:23 PM

  Hi,
  Please see this link.
  10gR2 10.2.0.4 Database Certified with Apps 12
  http://blogs.oracle.com/stevenChan/2008/08/10gr2_10204_database_certified_with_apps_12.html
  Regards,
  Hussein

• Enterpise User Security, OID and Oracle Advanced Security

  Do we also need Oracle Advanced Security when using the OID
  solution (Oracle Application Server)? I just seem to remember
  coming across something where some portion of the LDAP directory
  needed to communicate over SSL, and I wasn't sure if this
  implied that Oracle Advanced Security was needed.
  Thanks.

  Hi!
  As long as you use the LDAP via SSL purely in the Application Server then there is no need for Advanced Security.
  As you mentioned Enterprise Users - which is a database user authenticated by the OID, you will need the Advanced Security option.
  cu
  Andreas

• Pros and Cons in using Oracle Advanced Security vs IPSEC?

  In the CIS guidelines I've read the following:
  "OAS Integrity/Encryption should only be used if required because of non-SSL clients"
  and
  "Only implement OAS if a local integrity/encryption policy does not already exist, e.g., IPSec or other means for providing integrity/confidentiality services."
  Does anyone understand the argument?
  Is it:
  A. Because you don't want/need to "double bag" your secure communications?
  B. Because it's an additional expense and other options are cheaper?
  C. Because it's difficult to configure properly?
  D. Because for some unknown reason it's not possible to use PKI with all your clients?
  E. Some other reason?
  F. All of the above?
  I just want to know which method is superior or inferior and under what options I might go for one and not the other.

  Hi,
  let me try an answer, others please comment:
  I understand the first sentence this way: "Use OAS when there are clients that don't support SSL"; if you need to provide encryption/integrity for these clients regardless, OAS provides native, non-SSL-based network encryption/integrity that is extremely easy to switch on; see here:
  http://www.oracle.com/technology/obe/11gr2_db_prod/security/network_encrypt/ntwrkencrypt.htm
  The 2nd sentence says that you don't have to double bag; if IPSec is in place (and properly configured), OAS doesn't need to encrypt SQL*Net traffic one more time.
  Hope this helps,
  Peter

• Information required in "Advanced Security in Oracle 8i"

  Dear All,
  We are planning to secure our database by using Oracle Advanced Security option.My concern is that I have one central database for my main application. Some modules require security while the rest do not need that.
  Can I secure some schemas of database by leaving other schemas unsecure ? I mean can I apply security option to one schema and not to the other of same database?
  Anyone who can give solution to the above problem will be highly appreciated.
  Waiting for quick response.
  Regards
  Mehdi

  Hi Mehdi ,
  You can check out the VPD concept provided by Oracle in which you can apply the security on the required schema/table only and it thus meet your requirement of providing security option to one schema and not to the other of same database.
  -Shefali
  null

• How to configure Oracle 10g Advanced Security to use SSL concurrently with

  How to configure Oracle 10g Advanced Security to use SSL concurrently with database User names and passwords
  In Oracle Advanced Security Documentation it is mentioned that i can use SSL concurrently with DB user names and passwords. But when i configure the client certificate on the client my DB connection is getting authenticated using the certificate, which out passing user id or password.
  We want to connect to Oracle DB over SSL channel so that the data packets are not in clear text. Also we want the user to make a connection using user id and password.
  Basically we want SSL with out authentication.
  Need your expert advice

  Read the documentation (I have given following links assuming you are running a 32 bit architecture)
  Server installations:
  http://www.oracle.com/pls/db102/to_toc?pathname=install.102%2Fb14316%2Ftoc.htm&remark=portal+%28Books%29
  Client installations:
  http://www.oracle.com/pls/db102/to_toc?pathname=install.102%2Fb14312%2Ftoc.htm&remark=portal+%28Books%29
  You can find the required books (if not using 32 bit architecture) from
  http://www.oracle.com/pls/db102/portal.portal_db?selected=3

• Is it possible to perform network data encryption between Oracle 11g databases without the advance security option?

  Is it possible to perform network data encryption between Oracle 11g databases without the advance security option?
  We are not licensed for the Oracle Advanced Security Option and I have been tasked to use Oracle Network Data Encryption in order to encryption network traffic between Oracle instances that reside on remote servers. From what I have read and my prior understanding this is not possible without ASO. Can someone confirm or disprove my research, thanks.

  Hi, Srini Chavali-Oracle
  As for http://www.oracle.com/technetwork/database/options/advanced-security/advanced-security-ds-12c-1898873.pdf?ssSourceSiteId… ASO is mentioned as TDE and Redacting Sensitive Data to Display. Network encryption is excluded.
  As for Network Encryption - Oracle FAQ (of course this is not Oracle official) "Since June 2013, Net Encryption is now licensed with Oracle Enterprise Edition and doesn't require Oracle Advanced Security Option." Could you clarify this? Thanks.

• No "Advanced Security" in Net Manager

  Hello,
  I have no "Advanced Security" in Net Manager, but i need it to configure SSL. I tryed to reinstall Oracle Advanced Security, but without any result. Please help !
  Martin.

  Yes, actually, it was some result - Wallet Manager appeared again.
  In fact, my problem in details:
  I wrote code to get XML files to the
  database from remote server via HTTPS, and it worked without any
  problems. But after some period, I found that code is not working any
  more! I have such error: ORA-29024: Certificate validation failure.
  HTTPS-link to get XML from the remote server is still still availible
  in browser (without using any certificates). After some research, i
  discovered that Oracle Wallet Manager is disappeared from the server.
  So I reinstalled Oracle Advanced Security, and got OWM back, but my code
  still not working... My code is something like :
  UTL_HTTP.SET_WALLET('file:C:\Documents and
  Settings\Administrator\ORACLE\WALLETS','OraWall+');
  UTL_HTTP.SET_RESPONSE_ERROR_CHECK (ENABLE => TRUE );
  UTL_HTTP.SET_DETAILED_EXCP_SUPPORT (ENABLE => TRUE );
  req := UTL_HTTP.BEGIN_REQUEST (url => p_Url, METHOD => 'GET'); --
  here I have an error
  ORA-29261: bad argument
  ORA-06512: at "SYS.UTL_HTTP", line 1387
  ORA-06512: at "LKF.URL_GEN", line 229
  ORA-29024: Certificate validation failure
  ORA-06512: at "LKF.URL_GEN", line 430
  ORA-06512: at line 1

• Advanced Security Option(ASO)

  Hi,
  I am new to ASO , could any one please let me know how do i configure my database to use Advanced Security Option(ASO)?
  Thanks..

  Hello,
  You can check Notes 331252.1 (Configuring Oracle Advanced Security Option (ASO) with Microsoft Windows Server 2003 Active Directory Kerberos KDC)
  and 552852.1 (How To Confirm if Advanced Security Option is being Used).
  Best Regards...

• Need to solve serious security problem with Oracle Reports URL

  As mentioned repeatedly on this forum, Oracle Reports allows serious security breaches that allow users to see reports that they did not generate -- it's easy to guess a legal URL by changing the getjobid parameter.
  I've reviewed the JavaDocs to part of the rwrun.jar file and reviewed some of the example report plugins. This shows promise in helping to solve this security problem but critical pieces are missing.
  1) The javadocs are accurate for only 10g (9.0.4) but not correct for 10g (10.1.2+), which we are currently using. I need access to the updated version of this javadoc.
  2) Even with the updated version of the JavaDoc, I haven't found a class from which to inherit that would give me the opportunity to generate random jobid values, which then would effectively prevent users from guessing other jobid values, and thereby gaining access to other's reports (which in our cases, may contain sensitive information.
  3) We have found that we can send the parameter=value of EXPIRATION=1 which helps protect such information, but this requires that every program which invokes a report be modified to add this parameter. It would be far better for the report server to be configured to use a java class we write that inherits from some rwrun.jar class that would by default, add the EXPIRATION=1 parameter.

  Hi,
  Thanks for our replies. I will ask to an administrator about this security problem, now I know it depends of a security parameter.
  But I would know if it could be possible to hide the technical name of the query in the url. It could improve the security level of our reports in a first time in this way.
  Thanks a lot,
  JW.

• Advance Replication and Oracle Label Security

  Has anyone been able to configure both Advance Replication and Oracle Label Security to work together?

  This is currently not supported in Streams. I have an enhancement request in with Oracle for this functionality. This won't be seen in 11g R2 either.
  Has anyone done Label Security with Advance Replication?

• Flex on Oracle Application Server 10g - security problems

  Hi,
  I'm working with Flex components (swf files), I'm trying to view them in a browser and i'm facing some security problems.
  The server i'm trying to run the files on is: Oracle application server 10g on Unix server.
  Please help me with the server's configuration to allow running swf files on it.
  In the relation of Flex, there is a file that must be on the server's root named: "crossdomain.xml". This file defines which IPs can the swf object can take/get data from. Maybe there are configurations to that file that needs to be done on the server?
  Thank you,
  Inbal

  No. Not only it isn't certified, but it is also impossible to run forms compiled with the 11g compiler with the 10g runtime. For 11g there is a install bundle for the developer suite / application server.
  cheers

• Problem with Advanced Security Manager

  Hi
  I am using the advanced security manager to migrate security from Essbase 7 server to Essbase 11 server. The users who are externally authenticated on essbase 7 server are under native security mode on the Essbase 11 server after security import.Does the Advanced security manager put all the users (whether they are externally authenticated or under native security mode) in native security mode after import?
  Please help

  Hello 831221
  In version 11 "native" means that the users are stored in OpenLDAP (once Essbase was externalized).
  You would only be able to create "external" users if the Shared Services have been connected to an external User Source (e.g. MSAD) prior to
  importing the users.
  best regards
  .T

• Fusion Apps web service call fails with error access denied (oracle.wsm.security.WSFunctionPermission)

  Hello Guru,
  I am trying to call a supplier service from SOA/OSB.
  But while calling the service it is failing with the below error message
  access denied (oracle.wsm.security.WSFunctionPermission http://xmlns.oracle.com/apps/prc/poz/suppliers/supplierService/SupplierService#getSupplierVO invoke)
  As per OER cookbook i have attached the "oracle/wss_username_token_client_policy" to the Fusion  apps web service.
  I am trying to pass security credentials to the service by using all the methods... through composite ..through bpel through wsse header but in all cases i am getting similar error.
  Please let me know if some one has called the fusion apps web service to create a supplier of solution to my problem  as mentioned above.

  Hi Sai,
      Thanks for the quick and correct response. Yes, after doing the research, I'm also came to same conclusion. But what stops me here is that where exactly I need to check for this permission.
  I mean the theory what I built on this Authorization/Permission is that:
     For the resource - WebService (SupplierService), there is an assigned application role for which the Entitlement/Permission is provided.
  Pls. help me in the below items:
  a. What is the application role(in role hierarchy) assigned to this resource(Webservice). Which page I need to check(navigation) this and the required credentials..
  b. What is the Entitlement provided for this application role for this operation (getSupplierVO) invoke.. Which page I need to check(navigation) this and the required credentials..
  Thanks in Advance.
  Thanks & Regards
  Madhu