Ask the Expert

Method for securing data when using SQL*Plus

Our management is concerned with the fact that developers using SQL*Plus have sensitive data moving in the open between the client and the database. Any advice on methods of dealing with this problem without buying the very expensive Oracle Advanced Security option?


The Advanced Security option is the best and easiest way to encrypt database network traffic. It is an add-on option and has a cost, so your situation isn't uncommon.

The best alternative would be to use SSH tunnels. The basic configuration is that you create a tunnel from client to server. The client endpoint would be on a certain port number (say, 9000). The server endpoint would be your database listener port (1521). You can establish a tunnel using a command similar to this:

ssh -L 9000:dbserver:1521 someuser@dbserver

Once the tunnel is started, it must remain running while any database connections are active. With the tunnel listening on the local client machine on port 9000, change your tnsnames.ora entry on the client to this:

# HOST is localhost because ssh -L binds the forwarded port to the loopback interface by default
dbname.world =
  (DESCRIPTION=
    (ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=9000))
    (CONNECT_DATA=(SERVICE_NAME=dbname.world))
  )

You should then be able to connect to the database using this alias. When you do, all database traffic travels over the network inside the encrypted SSH tunnel.

From Windows clients to Unix hosts, you can use PuTTY (tutorial is here) on the client PC as the SSH client. If your database server is Windows, you can use Cygwin to create an SSH server process that you can connect to on the Windows host.

This was first published in November 2004
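
A check for the setup described above, as an added example that is not part of the original answer: it parses tnsnames.ora text and reports whether each alias goes through the tunnel or straight to the listener in the clear. The explicit loopback bind in the ssh command, the `audit_tnsnames` function and the `legacy.world` alias are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: flag tnsnames.ora aliases that do not go through the SSH tunnel.
# Assumes the tunnel was started bound to loopback only, for example:
#   ssh -N -L 127.0.0.1:9000:dbserver:1521 someuser@dbserver
TUNNEL_PORT=${TUNNEL_PORT:-9000}

# Reads tnsnames.ora text on stdin; prints "alias host port TUNNEL|DIRECT" per ADDRESS.
audit_tnsnames() {
    awk -v tport="$TUNNEL_PORT" '
    function field(addr, key,    v) {      # value of (key=...) inside one ADDRESS
        if (!match(addr, "\\(" key "=[^()]*\\)")) return ""
        v = substr(addr, RSTART, RLENGTH)
        return substr(v, length(key) + 3, length(v) - length(key) - 3)
    }
    # Drop comments and whitespace; keywords and aliases are case-insensitive.
    { sub(/#.*/, ""); gsub(/[ \t\r]/, ""); buf = buf tolower($0) }
    END {
        depth = 0; name = ""; body = ""
        for (i = 1; i <= length(buf); i++) {
            c = substr(buf, i, 1)
            if (depth == 0 && c == "=") { alias = name; name = ""; continue }
            if (c == "(") depth++
            if (depth == 0) { name = name c; continue }
            body = body c
            if (c == ")" && (--depth) == 0) {   # one complete entry collected
                while (match(body, /\(address=(\([^()]*\))+\)/)) {
                    addr = substr(body, RSTART, RLENGTH)
                    body = substr(body, RSTART + RLENGTH)
                    host = field(addr, "host"); port = field(addr, "port")
                    lo = (host == "localhost" || host == "127.0.0.1" || host == "::1")
                    st = (lo && port == tport) ? "TUNNEL" : "DIRECT"
                    print alias, host, port, st
                }
                body = ""
            }
        }
    }'
}

# Constructed sample: one alias through the tunnel, one straight to the listener.
SAMPLE='dbname.world =
  (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=9000))
    (CONNECT_DATA=(SERVICE_NAME=dbname.world)))
legacy.world =   # hypothetical alias that bypasses the tunnel
  (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=dbserver)(PORT=1521))
    (CONNECT_DATA=(SERVICE_NAME=dbname.world)))'
printf '%s\n' "$SAMPLE" | audit_tnsnames
```

Any alias reported as DIRECT still sends its SQL*Plus traffic unencrypted, so it should be repointed at the tunnel or removed from the client.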
