2

I am trying to use Oracle TDE to connect to a JDBC data source with the following connection string: 

jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=10.0.1.101)(PORT=1521)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=SECUREDATA)))

Is there a way to specify JDBC properties such that Transparent Data Encryption is enabled for this connection?

http://www.orafaq.com/wiki/Network_Encryption#Thin_JDBC_client has some verbiage on how to do this, but due to the software architecture we currently have, I can pretty much only modify the data source connection string. 

 Thin JDBC client

 In this case, sqlnet.ora file is not read and taken into account; we have to set 
 properties on the connection.

 For example:

 DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
 Properties props = new Properties();
 props.put("oracle.net.encryption_client", "accepted");
 props.put("oracle.net.encryption_types_client", "RC4_128"); 
 props.put("user", "XXX");
 props.put("password", "YYY");
 Connection conn =  DriverManager.getConnection("jdbc:oracle:thin:@myhost:1521:mySID", props);
Chris K
  • 11,996
  • 7
  • 37
  • 65
  • 1
    Transparent Data Encryption doesn't require any configuration changes for connections; you're appear to be referring to Network Data Encryption, which is different. – Adam Musch May 02 '11 at 19:35

1 Answers1

0

My shop's 10g experience with Oracle Network Encryption was that it worked by making this change on the server side alone:

SQLNET.ENCRYPTION_SERVER = required
SQLNET.ENCRYPTION_TYPES_SERVER = (list of acceptable crypto algorithms)
SQLNET.CRYPTO_SEED = [my seed value]
SQLNET.CRYPTO_CHECKSUM_SERVER = required
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (list of acceptable crypto algorithms)

As the defaults for SQLNET.ENCRYPTION_CLIENT and SQLNET.CRYPTO_CHECKSUM_CLIENT are accepted, an encrypted connection would be created.

Adam Musch
  • 13,286
  • 2
  • 28
  • 32