Hi all,
I would like to know if I could configure ssl between my application and a remote database server.
Oracle Database and web app on weblogic server
Thanks
A:
I have not done this but believe you need oracle advanced security option
http://www.oracle.com/technology/sample_code/deploy/security/files/secure_thin_driver/readme.html
Adam Butler
2010-08-30 16:31:03
A:
Yes, it's possible. I'm not sure how to configure the server (I've only used it from the client's perspective), but the JDBC driver can be configured as described from the link on this page: "SSL With Oracle JDBC Thin Driver". (Oracle seem to be making changes to the website so if it moves, look for the title.)
Note that that "Case #1: Use SSL for encryption only", is just that, which doesn't really enforce security. If you really want security, you'll also want server authentication at least. Encryption-only is like exchanging information secretly with someone whose identity you haven't verified: it's not particularly useful. Usually, you'll want to tell secrets only to the intended recipients of the secrets, after making sure they're who they say they are. The anonymous cipher suites (as described in this document, but not specific to Oracle JDBC SSL/TLS connections) are the ones to avoid for this reason. Client authentication is probably less important, depending on your context.
Bruno
2010-08-31 22:42:21