Data encryption issues with oracle advance security

Question

HI all,

I have used Oracle Advanced Security to encrypt data during data transfer. I have successfully configured ssl with below parameters and I have restarted the instance. I am retrieving data from a java class given below. But I could read the data without decrypting, the data is not getting envrypted. Could you please help. Environment:

Oragle 11g database

SQLNET.AUTHENTICATION_SERVICES= (BEQ, TCPS, NTS)

SSL_VERSION = 0

NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)

SSL_CLIENT_AUTHENTICATION = FALSE

WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = C:\Users\kcr\Oracle\WALLETS)
)
)

SSL_CIPHER_SUITES= (SSL_RSA_EXPORT_WITH_RC4_40_MD5)

JAVA CLASS:

try{
Properties properties = Utils.readProperties("weka/experiment/DatabaseUtils.props"); 
// Security.addProvider(new oracle.security.pki.OraclePKIProvider()); //Security syntax
String url = "jdbc:oracle:thin:@(DESCRIPTION =\n" + 
" (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))\n" + 
" (CONNECT_DATA =\n" + 
" (SERVER = DEDICATED)\n" + 
" (SERVICE_NAME = sal)\n" + 
" )\n" + 
" )";
java.util.Properties props = new java.util.Properties();

props.setProperty("user", "system");
props.setProperty("password", "weblogic");
// props.setProperty("javax.net.ssl.trustStore","C:\\Users\\kcr\\Oracle\\WALLETS\\ewallet.p12"); 
// props.setProperty("oracle.net.ssl_cipher_suites","SSL_RSA_EXPORT_WITH_RC4_40_MD5");
// props.setProperty("javax.net.ssl.trustStoreType","PKCS12");
//props.setProperty("javax.net.ssl.trustStorePassword","welcome2");

DriverManager.registerDriver(new OracleDriver());
Connection conn = DriverManager.getConnection(url, props);
/*8 OracleDataSource ods = new OracleDataSource();
ods.setUser("system");
ods.setPassword("weblogic");
ods.setURL(url);
Connection conn = ods.getConnection();*/

Statement stmt = conn.createStatement();
ResultSet rset = stmt.executeQuery("select * from iris");
///////////////////////////
while(rset.next()) {
for (int i=1; i<=5; i++) {
System.out.print(rset.getString(i));
}
}

Answer 1

You'll find the documentation in "SSL With Oracle JDBC Thin Driver".

In particular you should probably use PROTOCOL = TCPS instead of PROTOCOL = TCP. I'd also suggest using a stronger cipher suite (and avoid the anonymous ones, since with them you don't verify the identity of the remote server).

Answer 2

Are you expecting that your SELECT statement would return encrypted data and that your System.out.print calls would result in encrypted output going to the screen? If so, that's not the way advanced security works-- Advanced Security allows you to encrypt data over the wire but the data is unencrypted in the SQL*Net stack. Your SELECT statement, therefore, would always see the data in an unencrypted state. You would need to do a SQL*Net trace or use some sort of packet sniffer to see the encrypted data flowing over the wire.