-
1. Re: How can the AR Server 9.x encrypt its DB connection to Oracle?
Mark WaltersOct 31, 2016 9:53 AM (in response to Martin Rosenbauer)
1 of 1 people found this helpfulYou're correct that 9.x uses JDBC to connect to the database rather than the OCI client as in previous versions. Unfortunately, at this time, the JDBC connection string is is hard coded and can't be configured with the options necessary to enable encryption. Please consider creating an idea in this community to suggest adding this feature.
Mark
-
2. Re: How can the AR Server 9.x encrypt its DB connection to Oracle?
Jason MillerOct 31, 2016 12:46 PM (in response to Mark Walters)
2 of 2 people found this helpfulWow! I can't believe there isn't an option to encrypt the connection. In 2016 with all of the security breaches every org has to worry about, this seems more like a defect than an opportunity for enhancement.
-
3. Re: How can the AR Server 9.x encrypt its DB connection to Oracle?
Martin Rosenbauer Dec 22, 2016 11:41 AM (in response to Jason Miller)4 of 4 people found this helpfulIn the meantime we have figured out that on the Oracle server, there is an option to specify the encryption standard for the DB connection. If you only permit encrypted connections, then the Remedy side is in fact switching to encrypted data interchange... If I remember right, this was configured in the "sqlnet.ora" file..
-
4. Re: How can the AR Server 9.x encrypt its DB connection to Oracle?
Mark WaltersDec 22, 2016 12:04 PM (in response to Martin Rosenbauer)
That's interesting to hear - did you have to add a certificate on the client side Java or configure an Oracle wallet?
Mark
-
5. Re: How can the AR Server 9.x encrypt its DB connection to Oracle?
Martin Rosenbauer Dec 22, 2016 1:27 PM (in response to Mark Walters)5 of 5 people found this helpful... no, for the Oracle to AR Server connection, we did not add any certificate. This might be due to the encryption algorithm which is used or "required" by Oracle. I think that we followed the following instructions:
Configuring Network Data Encryption and Integrity for Oracle Servers and Clients
This link seems to contain all the details for the configuration on the Oracle server side.
-
6. Re: How can the AR Server 9.x encrypt its DB connection to Oracle?
Mark WaltersDec 23, 2016 3:59 AM (in response to Martin Rosenbauer)
1 of 1 people found this helpfulMartin Rosenbauer that's really helpful thank you!
I've just tested this and it does look like setting the options on the server creates an encrypted connection. I used the Oracle Net Manager on the server to set the encryption state to requested, provided a seed and chose an algorithm. Using tcpdump on a Linux server with AR 9.1 I captured the traffic to the database and could see plain text data. I then restarted AR and checked again and now the data is no longer plain text.
I had not appreciated the different Oracle encryption options and thought that you had to configure SSL to achieve the above, which would require changes to the JDBC connect string. This seems a more straightforward option for just network packet payload encryption.
I'm going to do a bit more digging and I'll write this up as a knowledge base article/communities blog post.
Thanks again for taking the time to update this thread with the information.
Mark
-
7. Re: How can the AR Server 9.x encrypt its DB connection to Oracle?
Mark WaltersJan 9, 2017 4:53 AM (in response to Mark Walters)
2 of 2 people found this helpfulMartin Rosenbauer thank you again for the update on this topic when you found out how to enable encryption. I've created a blog post that details how to do this so others become aware of the feature. There's also a KB linking to the blog to help more people find it.
Trending in Support: Encrypting Data Between AR Servers and Oracle Databases
Mark