| |
 |
|
Oracle Tips by Burleson |
Chapter 7 Oracle Network Security
|
_SERVER |
_CLIENT |
|
ACCEPTED |
REJECTED |
REQUESTED |
REQUIRED |
|
ACCEPTED |
INACTIVE |
INACTIVE |
ACTIVE |
ACTIVE |
|
REJECTED |
INACTIVE |
INACTIVE |
INACTIVE |
Failure |
|
REQUESTED |
ACTIVE |
INACTIVE |
ACTIVE |
ACTIVE |
|
REQUIRED |
ACTIVE |
Failure |
ACTIVE |
ACTIVE |
Table 7.1 Status of checksumming in various
combinations of the parameter crypto_checksum_*.
The default value is REJECTED, which means that
the checksum is neither sent to the receiver nor accepted from the
sender. If one of the parties, the client or the server, asks for
checksumming, and the other party has the default setting, then the
connection will fail. Therefore, we have set the parameter to
REQUESTED in the example above. In this setting, if the other party
has specified anything but REJECTED, the checksumming is activated.
The other important parameter is
sqlnet.crypto_seed. While generating the cryptographic keys, most of
the algorithms use seed values to arrive at the key. This seed
decides how random the checksum value is going to be. The default is
often sufficient, but you could always use your own value. There is
no fixed format – any ASCII character is acceptable and must be at
least 10 and at most 70 characters long.
When checksumming is
active, the sender breaks the data into packets and labels them with
sequence strings so that the receiver can piece them together to
make it whole. The MD5 algorithm makes a hash calculation of the
data in each packet to get the checksum, and adds
The above text is
an excerpt from:
Oracle Privacy Security Auditing
The
Final Word on Oracle Security
This is the only authoritative
book on Oracle Security, Oracle Privacy, and Oracle Auditing written
by two of the world’s leading Oracle Security experts.
This indispensable book is only $39.95 and has an
immediate download of working security scripts:
http://rampant-books.com/book_2003_2_audit.htm
|
