Home
Topics
Oracle database administration
Oracle database security
Method for securing data when using SQL*Plus

Method for securing data when using SQL*Plus

Our management is concerned with the fact that developers using SQL*Plus have sensitive data moving in the open between the client and the database. Any advice on methods of dealing with this problem without buying the very expensive Oracle Advance Security option?

Requires Free Membership to View

Login

By submitting you agree to receive email communications from
TechTarget and its partners. Privacy Policy Terms of Use.

The Advanced Security option is the best and easiest way to encrypt database network traffic. It is an add-on option and has cost, so your situation isn't uncommon.

The best alternative would be to use SSH tunnels. The basic configuration is that you create a tunnel from client to server. The client endpoint would be on a certain port number (say, 9000). The server endpoint would be your database listener port (1521). You can establish a tunnel using a command similar to this:

ssh -L 9000:dbserver:1521 someuser@dbserver

Once the tunnel is started, it must remain running while any database connections are active. With the tunnel listening on the local client machine on port 9000, change your tnsnames.ora entry on the client to this:

dbname.world = 
  (DESCRIPTION=
    (ADDRESS=(PROTOCOL=TCP)(HOST=client-hostname)(PORT=9000))
    (CONNECT_DATA=(SERVICE_NAME=dbname.world))
  )

and then you should be able to connect to the database using this alias. When you do, all network traffic is sent over the network inside the SSH tunnel (which is an encrypted tunnel).

From Windows clients to Unix hosts, you can use PuTTY (tutorial is here) on the client PC as the SSH client. If your database server is Windows, you can use Cygwin to create an SSH server process that you can connect to on the Windows host.

More News and Tutorials

Articles

This was first published in November 2004

Join the conversationComment

Share

Comments

Results

Contribute to the conversation

All fields are required. Comments will appear at the bottom of the article.

Back to top

More from Related TechTarget Sites

Data Management
Business Analytics
SAP
SQL Server
Java
Data Center
Content Management
Financial Applications

Data Management
- New BI stack tackles data load at Boston Children's Hospital
  
  Boston Children's Hospital upgraded its business intelligence architecture to boost enterprise reporting, a move that also required retraining users.
- Expanded Hadoop use cases will drive need for new enterprise features
  
  With user interest rising, Hadoop vendors are trying to pave a path to higher adoption with add-ons that target issues holding the technology back.
- Jim Goodnight on SAS in-memory analytics and the data scientist
  
  A podcast Q&A with SAS execs Jim Goodnight and Jim Davis looks at big data enablers, including in-memory analytics, and the role of data scientists.
Business Analytics
- Marketing and advertising remain sweet spots for big data technology
  
  Marketing and advertising are the sweet spots for big data, but those who serve up marketing insights and ad space will need to evolve to survive.
- Strategies for de-cluttering business intelligence dashboard designs
  
  Expert Brian Jordan shows business intelligence managers how to avoid developing dashboards that overwhelm business users with too much information.
- Making mobile BI applications a reality: Key steps to take
  
  In a podcast, BI expert William McKnight discusses best practices and action items for managing deployments of mobile business intelligence tools.
SAP
- Ariba Network announces QuickBooks integration
  
  At its annual conference, Ariba announced a new tool by partner Dell Boomi that lets small businesses integrate their QuickBooks accounting with the Ariba Network.
- Software license audits come in different forms, expert says
  
  Your next software license audit may be an inventory optimization exercise in disguise. Either way, the trick is to be prepared, writes one analyst.
- Sentiment analysis just part of the SAP social media vision
  
  Social media in the enterprise is in constant flux. One of SAP's top social media chiefs lays it out, from sentiment analysis to social collaboration.
SQL Server
- Adam Machanic talks SQL Saturday
  
  We caught up with Adam Machanic, group leader of the New England SQL Server user group, at SQL Saturday Boston. Find out what he shared with us.
- SQL Server meets database application security
  
  Make sure your SQL Server is secure by studying these general guidelines for secure database applications from SQL Server expert Roman Rehak.
- xVelocity Columnstore Indexes in SQL Server 2012
  
  Curious about how xVelocity can help with your columnstore indexes? Check out this tip from Basit Farooq to find out.
Java
- How skilled portlet developers make the portal strategy work
  
  Portals are providing more value than ever, and having skilled portlet developers on staff brings the technology to new levels.
- Five portlet development tips software engineers can't ignore
  
  Here are five quick portlet development tips that software engineers will find helpful as they develop applications for the portal.
- Effective portlet development means respecting the servlet API
  
  When moving to portlet development from web development, software engineers must remember that servlet and JSP development rules still apply.
Data Center
- Data center technologies evolve to meet tomorrow's computing demands
  
  VMware's upcoming public cloud and AMD's 64-bit ARM servers are technologies for the data center that exemplify the changes in the IT industry.
- New data center cooling strategies to improve efficiency, lower costs
  
  Stagnant strategies for data center cooling will keep energy bills climbing ever higher, but a more modern approach can bring them back down to earth.
- Converged systems usher in data center transformation
  
  The rise of converged systems has brought a new level of manageability to the data center, but these integrated offerings have a few drawbacks.
Content Management
- Get 'em ready: Tips for planning a SharePoint 2013 training program
  
  SharePoint is a complex application. But training business users for an upgrade to SharePoint 2013 doesn't have to be a daunting task for IT teams.
- The organization of the future: Not just hybrid IT, but hybrid people
  
  The adoption of hybrid IT approaches creates a need for executives who can both formulate business objectives and assess IT requirements.
- SharePoint technology feels growing pains as 2013 release arrives
  
  SharePoint 2013 adds new features to the collaboration software. But it comes at a time when SharePoint's value is being questioned in some quarters.
Financial Applications
- IaaS business scales faster with Zuora billing software
  
  While a user testified to the benefits of Zuora specialty billing software, an expert said the niche tool is not necessary for all.
- Analytics, global HR hot topics at Bersin conference
  
  In this podcast, associate site and news editor Emma Snider recaps some of the key takeaways from Bersin by Deloitte's Impact 2013.
- Offboarding automation reduces risk, manual labor
  
  With HR's focus on onboarding, the offboarding process often gets short shrift. But making do with checklists and spreadsheets can lead to problems.

All Rights Reserved,Copyright 2003 - 2013, TechTarget