On Tue, Jul 30, 2002 at 01:47:47PM -0400, bsecat_private wrote: > How can programmers securely pass user ids and passwords from their > applications into an Oracle database. I understand that for web based > applications they could simply use SSL; however, for client/server > applications, are there any good solutions out there? Some replies have suggested the use of stunnel. However this will not work (as other replies have pointed out) in the case that an application uses arbitrary, negotiated ports. Instead, consider the use of IPSec, which will allow you to protect any/all traffic between your DB client and server. For example, see: http://www.ietf.org/html.charters/ipsec-charter.html http://www.freeswan.org/freeswan_trees/freeswan-1.95/doc/intro.html http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/reskit/prcc_tcp_erqb.asp or the relevant reference material for your platform. If IPSec is unavaible to you on the client and server themselves, you can also set up gateways such that traffic across the untrusted portion of the network is encrypted.
This archive was generated by hypermail 2b30 : Wed Aug 07 2002 - 15:02:47 PDT