RE: Compliance and SSL/TLS Encryption on ODA

From: <dimensional.dba_at_comcast.net>
Date: Sat, 17 Oct 2020 12:46:01 -0700
Message-ID: <004601d6a4be$25103910$6f30ab30$_at_comcast.net>

If you are using local connection 127.0.0.1 then the data never crosses onto the wire meaning exiting the server and coming back in.

It only hits the IP stack and is returned to internal processes.

If you use the local server name it again will hit the tcp-ip stack and not leave the host.

From: oracle-l-bounce_at_freelists.org <oracle-l-bounce_at_freelists.org> On Behalf Of Mark J. Bobak Sent: Saturday, October 17, 2020 12:13 PM To: Robert Karch <rkarch_at_teleran.com> Cc: oracle-l_at_freelists.org
Subject: Re: Compliance and SSL/TLS Encryption on ODA

Hi Rob,

To be totally safe, you should use PROTOCOL=IPC. I know you said you had a requirement to use PROTOCOL=TCP. Doing so, with the host's IP address, will surely mean the data will need to go across your TCP connection. What I'm not certain about, is whether using localhost (127.0.0.1) instead of actual host IP will do any real good.

If using PROTOCOL=TCP w/ localhost, I'm not sure how many "shortcuts" the Linux kernel includes (if any), to attempt to avoid actually touching the TCP stack.

Obviously, PROTOCOL=IPC is what you really want to use. If you can't, the next fastest would be PROTOCOL=TCP w/ localhost, but from a compliance point of view, I don't know enough about Linux kernel internals to confirm whether or not you're compliant.

-Mark

On Sat, Oct 17, 2020 at 11:05 AM Robert Karch <rkarch_at_teleran.com <mailto:rkarch_at_teleran.com> > wrote:

I am working with an ODA customer who has a compliance requirement to encrypt data on the wire. They have some applications running on the ODA server that they would prefer not to have the overhead of encryption and decryption. They also want these applications connecting to the Oracle listener using TCP/IP. The question that they have is if the application is running on the ODA host, and connecting to a TCP listener port, is the passed data only available in memory (and therefore still in compliance) or is there some possibility of leakage into the network?

Kindest Regards,

Rob Karch

Software Architect

Teleran Technologies, Inc.

“Understanding Usage Is Everything”

--

http://www.freelists.org/webpage/oracle-l Received on Sat Oct 17 2020 - 21:46:01 CEST

This message: [ Message body ]
Next message: Jared Still: "Re: Compliance and SSL/TLS Encryption on ODA"
Previous message: Mark J. Bobak: "Re: Compliance and SSL/TLS Encryption on ODA"
In reply to: Mark J. Bobak: "Re: Compliance and SSL/TLS Encryption on ODA"
Next in thread: Jared Still: "Re: Compliance and SSL/TLS Encryption on ODA"
Reply: Jared Still: "Re: Compliance and SSL/TLS Encryption on ODA"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message