DBAsupport.com Forums - Powered by vBulletin
Results 1 to 5 of 5

Thread: Network encryption doubt

  1. #1
    Join Date
    Jul 2003
    Posts
    134

    Network encryption doubt

    I learnt that in order to configure n/w encryption you will need to enable the parametes in the SQLNET.ORA file both on the client and server.

    What happens in case of three-tier architecture where java based (web based) applications run?

    I mean assuming database is on a seperate server, and app server is seperate, SQLNET.ORA of database can be configured on the server; BUT what about the SQLNET.ORA of the client in this case?

    I mean if we are accessing the web application (developed in java) from a dubm machine that has just an explorer, where would we have to configure the SQLNET.ORA file .. on the dumb machine that has just the browser or the App server?

    Or is it that the n/w encryption is applicable only for ODBC connections and not JDBC (web based connections) to Oracle database?

    Hope I have explained what my doubt is clearly...

    Can someone help me out...

  2. #2
    Join Date
    Sep 2002
    Location
    England
    Posts
    7,334
    how the dumps going by the way?

    Anyway, it will be on the app tier and there is no connection from your pc to the database, all connections go through the app tier

  3. #3
    Join Date
    Nov 2004
    Posts
    24
    Usually Encryption through a web browser is handled by digital certificates and Ipsec. You know what https is. I'm sure if you goto Oracle's website and did a search, they probably have a white paper that explains it.

  4. #4
    Join Date
    Aug 2002
    Location
    Atlanta
    Posts
    1,187
    interesting

    we know that we can

    web => encryprt => web server => ? app server => encrypt => database

    I did a little research and found that in PeopleSoft at least cou can configuire the application servers to handle encrypted traffic on the JOLT listener from the web server, so there you go, the chain is completly secure
    I'm stmontgo and I approve of this message

  5. #5
    Join Date
    Jul 2003
    Posts
    134
    Originally posted by davey23uk
    how the dumps going by the way?

    Anyway, it will be on the app tier and there is no connection from your pc to the database, all connections go through the app tier
    But you see, even between the client (so-called dumb machine that has just the explorer) and the App server, he HTTP request is going.. means in the network I/O that happens between the client and App Server the SQL is being passed and also on the return, the results are being passed over the network between the app server and client (correct me if I am wrong).

    So if there is no encryption enabled on the client, hackers can hack the data right? Hope you got my point.

    P.S. Dumps are closed chapters; lets not reopen them

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


Click Here to Expand Forum to Full Width