Rather than configuring these settings in the connection string, you can set them on startup for the java processes. We've done so using service manager, the relevant lines from uc4.smd are below.
VAR JAVA_OPTIONS; -Xmx512M -Doracle.net.encryption_client=REQUIRED -Doracle.net.crypto_checksum_client=REQUIRED
VAR JWP_STARTCMD;java *JAVA_OPTIONS -jar ucsrvjp.jar -I*SRV_STARTPATH/ucsrv.ini
VAR JCP_STARTCMD;java *JAVA_OPTIONS -jar ucsrvjp.jar -I*SRV_STARTPATH/ucsrv.ini -rest
You can also set the environment variable _JAVA_OPTIONS in something like /etc/profile to have all jvm's on your machine pick up those values. (This may be specific to oracle jdk, I'm not sure)
------------------------------
Jonathan Roster
Analyst Programmer, Enterprise Computing Svcs.
Information Services | Oregon State University
541-737-4578 | is.oregonstate.edu
------------------------------
Original Message:
Sent: 06-25-2020 01:35 PM
From: Prosenjit Maji
Subject: Encrypting the JDBC Connection
Hello Peter,
We already have following ODBC that uses sqlnet.ora param "SQLNET.ENCRYPTION_CLIENT = REQUESTED". So it always initiates encrypted calls to Oracle DB.
[ODBC]
sqlDriverConnect=ODBCVAR=XXXXXXXX,DSN=XYZ;UID=ABC;PWD=<Password>;SP=NLS_LANGUAGE=AMERICAN,NLS_TERRITORY=AMERICA,CODESET=XXXXXXXXXXXX
But as Tony said, we have following in JDBC section of ucsrv.ini that is initiating non-encrypted calls to DB.
[JDBC]
SQLDRIVERCONNECT=jdbc:oracle:thin:@(DESCRIPTION= (LOAD_BALANCE=on) (ADDRESS=(PROTOCOL=TCP)(HOST=ABC
I-SCAN-VIP)(PORT=1521)) (CONNECT_DATA=(SERVICE_NAME=XYZ.WORLD)))
So even if we follow below information, we are trying to figure out how / where to configure encryption strings for JDBC ? Any thought ?
https://docs.oracle.com/cd/B19306_01/java.102/b14355/clntsec.htm#i1022564
------------------------------
Regards,
Prosenjit
Original Message:
Sent: 06-25-2020 10:28 AM
From: Peter Grundler
Subject: Encrypting the JDBC Connection
Hi Tony,
I don't have access to Oracle so it's just a guess. For MSSQL the connection string looks like this:
jdbc:sqlserver://[serverName[\instanceName][:portNumber]][;property=value[;property=value]]
In order to pass parameters via JDBC you have to use properties and values, i.e. integratedSecurity=true or instanceName=instance1
I assume the same applies to the Oracle JDBC connection string. So parameters could be as mentioned in table 10-2 on page https://docs.oracle.com/cd/B19306_01/java.102/b14355/clntsec.htm#CHDIIAGE
regards,
Peter
Original Message:
Sent: 06-25-2020 09:55 AM
From: Tony Ferraro
Subject: Encrypting the JDBC Connection
Hi folks,
Does anyone know if its possible to encrypt Oracle JDBC connections in V12.3?
Certainly the ODBC connection can be configured on the Oracle client installation.
Standard setting from UCSRV.INI -
[JDBC]
SQLDRIVERCONNECT=jdbc:oracle:thin:@(DESCRIPTION= (LOAD_BALANCE=on) (ADDRESS=(PROTOCOL=TCP)(HOST=ABC
I-SCAN-VIP)(PORT=1521)) (CONNECT_DATA=(SERVICE_NAME=XYZ.WORLD)))
Seems like it should be possible from the Oracle link below, but i'm not sure if configurable by system admins or if it needs an Ideation topic.
https://docs.oracle.com/cd/B19306_01/java.102/b14355/clntsec.htm#CHDFDDFG
Setting Encryption and Integrity Parameters in Java
Use a Java properties object, that is, an instance of java.util.Properties, to set the data encryption and integrity parameters supported by the JDBC Thin driver.
Note i previously opened a Broadcom case for this and it was closed without any comment!
Thanks!