Q

Method for securing data when using SQL*Plus

Our management is concerned with the fact that developers using SQL*Plus have sensitive data moving in the open between the client and the database. Any advice on methods of dealing with this problem without buying the very expensive Oracle Advance Security option?

The Advanced Security option is the best and easiest way to encrypt database network traffic. It is an add-on option

and has cost, so your situation isn't uncommon.

The best alternative would be to use SSH tunnels. The basic configuration is that you create a tunnel from client to server. The client endpoint would be on a certain port number (say, 9000). The server endpoint would be your database listener port (1521). You can establish a tunnel using a command similar to this:

ssh -L 9000:dbserver:1521 someuser@dbserver

Once the tunnel is started, it must remain running while any database connections are active. With the tunnel listening on the local client machine on port 9000, change your tnsnames.ora entry on the client to this:

dbname.world = 
  (DESCRIPTION=
    (ADDRESS=(PROTOCOL=TCP)(HOST=client-hostname)(PORT=9000))
    (CONNECT_DATA=(SERVICE_NAME=dbname.world))
  )
and then you should be able to connect to the database using this alias. When you do, all network traffic is sent over the network inside the SSH tunnel (which is an encrypted tunnel).

From Windows clients to Unix hosts, you can use PuTTY (tutorial is here) on the client PC as the SSH client. If your database server is Windows, you can use Cygwin to create an SSH server process that you can connect to on the Windows host.

This was first published in November 2004

Dig deeper on Oracle database security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchDataManagement

SearchBusinessAnalytics

SearchSAP

SearchSQLServer

TheServerSide

SearchDataCenter

SearchContentManagement

SearchFinancialApplications

Close