Problem solve Get help with specific problems with your technologies, process and projects.

Method for securing data when using SQL*Plus

Our management is concerned with the fact that developers using SQL*Plus have sensitive data moving in the open between the client and the database. Any advice on methods of dealing with this problem without buying the very expensive Oracle Advance Security option?

The Advanced Security option is the best and easiest way to encrypt database network traffic. It is an add-on option and has cost, so your situation isn't uncommon.

The best alternative would be to use SSH tunnels. The basic configuration is that you create a tunnel from client to server. The client endpoint would be on a certain port number (say, 9000). The server endpoint would be your database listener port (1521). You can establish a tunnel using a command similar to this:

ssh -L 9000:dbserver:1521 someuser@dbserver

Once the tunnel is started, it must remain running while any database connections are active. With the tunnel listening on the local client machine on port 9000, change your tnsnames.ora entry on the client to this:

dbname.world = 
and then you should be able to connect to the database using this alias. When you do, all network traffic is sent over the network inside the SSH tunnel (which is an encrypted tunnel).

From Windows clients to Unix hosts, you can use PuTTY (tutorial is here) on the client PC as the SSH client. If your database server is Windows, you can use Cygwin to create an SSH server process that you can connect to on the Windows host.

Dig Deeper on Oracle database security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.