尝试在 JDBC 数据源上启用 Oracle 透明数据加密

发布于 2024-11-04 18:52:46 字数 1035 浏览 0 评论 0原文

我正在尝试使用 Oracle TDE 通过以下连接字符串连接到 JDBC 数据源：

jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=10.0.1.101)(PORT=1521)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=SECUREDATA)))

有没有办法指定 JDBC 属性，以便为此连接启用透明数据加密？

http://www.orafaq.com/wiki/Network_Encryption#Thin_JDBC_client 有一些废话如何做到这一点，但由于我们目前拥有的软件架构，我几乎只能修改数据源连接字符串。

 Thin JDBC client

 In this case, sqlnet.ora file is not read and taken into account; we have to set 
 properties on the connection.

 For example:

 DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
 Properties props = new Properties();
 props.put("oracle.net.encryption_client", "accepted");
 props.put("oracle.net.encryption_types_client", "RC4_128"); 
 props.put("user", "XXX");
 props.put("password", "YYY");
 Connection conn =  DriverManager.getConnection("jdbc:oracle:thin:@myhost:1521:mySID", props);

原文

I am trying to use Oracle TDE to connect to a JDBC data source with the following connection string:

jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=10.0.1.101)(PORT=1521)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=SECUREDATA)))

Is there a way to specify JDBC properties such that Transparent Data Encryption is enabled for this connection?

http://www.orafaq.com/wiki/Network_Encryption#Thin_JDBC_client has some verbiage on how to do this, but due to the software architecture we currently have, I can pretty much only modify the data source connection string.

 Thin JDBC client

 In this case, sqlnet.ora file is not read and taken into account; we have to set 
 properties on the connection.

 For example:

 DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
 Properties props = new Properties();
 props.put("oracle.net.encryption_client", "accepted");
 props.put("oracle.net.encryption_types_client", "RC4_128"); 
 props.put("user", "XXX");
 props.put("password", "YYY");
 Connection conn =  DriverManager.getConnection("jdbc:oracle:thin:@myhost:1521:mySID", props);

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

一片旧的回忆 2024-11-11 18:52:46

我的商店在 Oracle 网络加密方面的 10g 经验是，它通过在服务器端单独进行此更改来发挥作用：

SQLNET.ENCRYPTION_SERVER = required
SQLNET.ENCRYPTION_TYPES_SERVER = (list of acceptable crypto algorithms)
SQLNET.CRYPTO_SEED = [my seed value]
SQLNET.CRYPTO_CHECKSUM_SERVER = required
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (list of acceptable crypto algorithms)

作为 SQLNET.ENCRYPTION_CLIENT 和 SQLNET.CRYPTO_CHECKSUM_CLIENT 的默认值 被接受，将创建加密连接。

My shop's 10g experience with Oracle Network Encryption was that it worked by making this change on the server side alone:

SQLNET.ENCRYPTION_SERVER = required
SQLNET.ENCRYPTION_TYPES_SERVER = (list of acceptable crypto algorithms)
SQLNET.CRYPTO_SEED = [my seed value]
SQLNET.CRYPTO_CHECKSUM_SERVER = required
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (list of acceptable crypto algorithms)

As the defaults for SQLNET.ENCRYPTION_CLIENT and SQLNET.CRYPTO_CHECKSUM_CLIENT are accepted, an encrypted connection would be created.

回复收藏 0 原文

~没有更多了~