Oracle Advanced Security Administrator's Guide Release 8.1.6 A76932-01 |
|
This chapter provides an overview of the Java implementation of Oracle Advanced Security, which allows Thin Java Database Connectivity (JDBC) clients to connect securely to Oracle8i databases.
This chapter covers the following topics:
For information on JDBC, including examples, see the Oracle8i JDBC Developer's Guide and Reference.
More Information:
The Java implementation of Oracle Advanced Security provides network encryption and integrity protection for Thin JDBC clients communicating with Oracle8i databases with Oracle Advanced Security enabled.
The following topics are described in this section:
JDBC (Java Database Connectivity), an industry-standard Java interface, provides a Java standard for connecting to a relational database from a Java program. Sun Microsystems defined the JDBC standard, and Oracle Corporation, as an individual provider, implements and extends the standard with its own JDBC drivers.
Furthermore, Oracle implements two types of JDBC drivers: Thick JDBC drivers built on top of the C-based Net8 client, as well as a Thin (Pure Java) JDBC driver to support downloadable applets. Oracle JDBC drivers are used to create JDBC applications to communicate with Oracle databases.
Oracle extensions to JDBC include the following features:
Because the Thin JDBC driver is designed to be used with downloadable applets used over the Internet, Oracle designed a 100% Java implementation of Oracle Advanced Security encryption and integrity algorithms for use with thin clients. Oracle Advanced Security provides the following features for Thin JDBC:
The Oracle JDBC Thin driver implements the Oracle O3LOGON protocol for authentication. The Oracle JDBC Thin driver does not support Oracle Advanced Security third party authentication features such as RADIUS, Kerberos, and SecurID. However, the Oracle JDBC OCI driver support is the same as thick client support, in which all of Oracle Advanced Security features are implemented.
Oracle Advanced Security continues to encrypt and provide integrity checking of Net8 traffic between Net8 clients and Oracle servers using algorithms written in C. The Oracle Advanced Security Java implementation provides Java versions of the following encryption algorithms:
In addition, this implementation provides data integrity checking for Thin JDBC with the MD5 algorithm.
On the server side, the negotiation of algorithms and the generation of keys function exactly the same as native Oracle Advanced Security encryption. This allows backward and forward compatibility of clients and servers.
On the client side, the algorithm negotiation and key generation occur in exactly the same manner as C-based Oracle Advanced Security encryption. The client and server negotiate encryption algorithms, generate random numbers, use Diffie-Hellman to exchange session keys, and use the Oracle Password Protocol (O3LOGON key fold-in), in the same manner as traditional Net8 clients. Thin JDBC contains a complete implementation of a Net8 client in pure Java.
Consistent with other encryption implementations, the Java implementation of Oracle Advanced Security prevents access to the encryption algorithms, makes it impossible to double encrypt data, and encrypts data only as it passes through the network. Users cannot alter the keyspace nor alter the encryption algorithms themselves.
Code implementing cryptography and written in Java must be obfuscated in order to comply with U.S. government export controls. Therefore, this implementation protects Java classes and methods that contain encryption and decryption capabilities with obfuscation software.
Java Byte Code Obfuscation is a process often used by companies to protect Intellectual Property written in the form of Java programs. It mixes up Java symbols found in the code. The process leaves the original program structure intact, allowing the program to run correctly while changing the names of the classes, methods, and variables in order to hide the intended behavior. Although it is easy to decompile and read non-obfuscated Java code, the obfuscation process renders the target code nearly impossible to interpret once decompiled.
A properties class object containing several configuration parameters is passed to the Oracle Advanced Security interface. The tables in this chapter list the configuration parameters for the properties class objects for the following:
|
![]() Copyright © 1999 Oracle Corporation. All Rights Reserved. |
|