dbaascli netsec config integrity

The netsec config integrity subcommand of the dbaascli utility is used to configure Oracle Net integrity settings.

By default, database deployments on Database Cloud Service are configured to enable native Oracle Net integrity. You can use the netsec config integrity subcommand to change Oracle Net integrity settings. See "Configuring Oracle Database Network Encryption and Data Integrity" in Oracle Database Security Guide for Release 18, 12.2 or 12.1 or "Configuring Network Data Encryption and Integrity for Oracle Servers and Clients" in Database Advanced Security Administrator's Guide for Release 11.2 for detailed information on Oracle Net encryption and integrity.

Execute this command as the oracle user.

dbaascli netsec config integrity 
  --clevel accepted|rejected|requested|required 
  --methods algorithm[,algorithm]... 
  --target client|server

Options of this subcommand are as follows.

Option Description

clevel accepted|rejected|requested|required

The clevel option is used to specify the checksum level.

  • rejected—Enter this value if you do not elect to enable data integrity, even if required by the client.

    In this scenario, this side of the connection specifies that data integrity is not permitted. If the client side is set to required, the connection terminates with error message ORA-12650. If the client side is set to requested, accepted or rejected, the connection continues without error and without data integrity enabled.

  • accepted—Select this value to enable data integrity if required or requested by the client.

    In this scenario, this side of the connection does not require data integrity, but it is enabled if the client side is set to required or requested. If the client side is set to required or requested, and an integrity algorithm match is found, the connection continues without error and with data integrity enabled. If the client side is set to required and no algorithm match is found, the connection terminates with error message ORA-12650.

    If the client side is set to requested and no algorithm match is found, or if the client side is set to accepted or rejected, the connection continues without error and without data integrity enabled.

  • requested—Select this value to enable data integrity if the client permits it.

    In this scenario, this side of the connection specifies that data integrity is desired but not required. Data integrity is enabled if the client side specifies accepted, requested, or required. There must be a matching algorithm available, otherwise data integrity is not enabled. If the client side specifies required and there is no matching algorithm, the connection fails.

  • required—Select this value to enable data integrity or preclude the connection.

    In this scenario, this side of the connection specifies that data integrity must be enabled. The connection fails if the client side specifies rejected or if there is no compatible algorithm.

methods algorithm[,algorithm]...

The methods option is used to specify the integrity algorithm. Valid values are: SHA1, SHA256, SHA384, and SHA512.SHA1 is the only algorithm supported by Oracle Database 11g.

target client|server

The target option is used to specify whether the integrity setting applies to the client or server. Use server.