Add the following to your server’s sqlnet.ora file:
sqlnet.encryption_server=required sqlnet.encryption_types_server=AES128
Add the following to your client’s sqlnet.ora file:
SQLNET.ENCRYPTION_CLIENT = accepted
Note:
A list of encryption algorithms can be stated on each side, and the first one common to both client and server in the list will be chosen.
Verify that SQL Net Encryption works
In client’s sqlnet.ora:
ADR_BASE = C:\app\k90387 TRACE_LEVEL_CLIENT = ADMIN
This above will create an ADR directory structure on the client, in my case trace files are written to
c:\app\vegard\oradiag_vegard\diag\clients\user_vegard\host_3450395457_76\trace
Create a session against the database:
SQL> connect vegard/vegard@oras Connected. SQL> exit
Open your windows explorer and look in the folder
c:\app\vegard\oradiag_vegard\diag\clients\user_vegard\host_3450395457_76\traceYou'll now see two files: one .trc file and one .trm file
Open the .trc file in a text editor, and search for the following:
2014-11-28 14:11:13.374358 : -> PARAMETER TABLE HAS THE FOLLOWING CONTENTS <- 2014-11-28 14:11:13.374375 : SQLNET.ENCRYPTION_CLIENT = accepted 2014-11-28 14:11:13.374392 : ADR_BASE = C:\app\vegard . . . 2014-11-28 13:48:28.033764 : na_tns: authentication is not active 2014-11-28 13:48:28.033781 : na_tns: encryption is active, using AES128 2014-11-28 13:48:28.033797 : na_tns: crypto-checksumming is not activeNote that neither authentication nor crypto-checksumming is active, but encryption is. As expected.
Sources:
No comments:
Post a Comment