Re: verifying network encryption on 11gR2?
Date: Tue, 21 Jan 2014 08:30:10 -0600
Message-ID: <CAJueESo-P4Gqcr0Pi_pz7_8MgGnBYXwLJ=Hxb=3wYAys5FKiFw_at_mail.gmail.com>
Running any sort of network sniffer will unfortunately be very difficult, likely impossible, to get approved. That's why I'm hoping to find a method which can be easily (and more importantly, reliably) checked from within the database.
I do appreciate the suggestion, however, and will certainly keep it in mind. Thanx!
On Fri, Jan 17, 2014 at 11:09 PM, Jeff C <backseatdba_at_gmail.com> wrote:
> Try using Wireshark. You can pretty easily see the different when network
> encryption is on versus off. You will see plain text and then a bunch of
> scrambled data.
>
>
> On Fri, Jan 17, 2014 at 6:41 PM, Adric Norris <landstander668_at_gmail.com>wrote:
>
>> Is there a good way to check, from within the database, whether or not
>> database sessions are utilizing network encryption? I know you can look at
>> the *network_service_banner* column of *v$session_connect_info*, but the
>> text format makes it difficult to parse effectively... not to mention that
>> I'm not certain that it's always populated (thinking of JDBC thin clients
>> here). The databases in question are all 11.2.0.3/11.2.0.4, running
>> under a combination of Linux X86-64 and Solaris SPARC 64-bit.
>>
>> We're thinking of enabling opportunistic network encryption in the near
>> future, with the goal of it eventually becoming mandatory. I'd therefore
>> like to be able to identify plaintext sessions from within the database, so
>> that we have an idea of which applications / groups will need to make
>> configuration changes.
>>
>> Thanx!
>>
>> --
>>
>> Awk! Pieces of eight. Pieces of eight. Pieces of seven... ERROR: kernel
>> panic [parroty error]
>>
>>
>
-- "I'm too sexy for my code." -Awk Sed Fred -- http://www.freelists.org/webpage/oracle-lReceived on Tue Jan 21 2014 - 15:30:10 CET