-
Network encryption doubt
I learnt that in order to configure n/w encryption you will need to enable the parametes in the SQLNET.ORA file both on the client and server.
What happens in case of three-tier architecture where java based (web based) applications run?
I mean assuming database is on a seperate server, and app server is seperate, SQLNET.ORA of database can be configured on the server; BUT what about the SQLNET.ORA of the client in this case?
I mean if we are accessing the web application (developed in java) from a dubm machine that has just an explorer, where would we have to configure the SQLNET.ORA file .. on the dumb machine that has just the browser or the App server?
Or is it that the n/w encryption is applicable only for ODBC connections and not JDBC (web based connections) to Oracle database?
Hope I have explained what my doubt is clearly...
Can someone help me out...
-
how the dumps going by the way?
Anyway, it will be on the app tier and there is no connection from your pc to the database, all connections go through the app tier
-
Usually Encryption through a web browser is handled by digital certificates and Ipsec. You know what https is. I'm sure if you goto Oracle's website and did a search, they probably have a white paper that explains it.
-
interesting
we know that we can
web => encryprt => web server => ? app server => encrypt => database
I did a little research and found that in PeopleSoft at least cou can configuire the application servers to handle encrypted traffic on the JOLT listener from the web server, so there you go, the chain is completly secure
I'm stmontgo and I approve of this message
-
Originally posted by davey23uk
how the dumps going by the way?
Anyway, it will be on the app tier and there is no connection from your pc to the database, all connections go through the app tier
But you see, even between the client (so-called dumb machine that has just the explorer) and the App server, he HTTP request is going.. means in the network I/O that happens between the client and App Server the SQL is being passed and also on the return, the results are being passed over the network between the app server and client (correct me if I am wrong).
So if there is no encryption enabled on the client, hackers can hack the data right? Hope you got my point.
P.S. Dumps are closed chapters; lets not reopen them
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|