Large Objects are used to hold large amounts of data inside Oracle Database, SecureFiles provides performance comparable to file system performance, and DBFS provides file system interface to files stored in Oracle Database.
1.1 Changes in Oracle Database
The following are the changes in SecureFiles and Large Objects Developer's Guide for Oracle Database.
1.1.1 Updates to Oracle Database Security 21c
Oracle Database release 21c has one new security update that applies to all releases starting from release 11.2.
Security Update for Native Encryption
Oracle provides a patch that you can download to address necessary security enhancements that affect native network encryption environments in Oracle Database release 11.2 and later.
This patch is available in My Oracle Support note 2118136.2.
The supported algorithms that have been improved are as follows:
- Encryption algorithms: AES128, AES192 and AES256
- Checksumming algorithms: SHA1, SHA256, SHA384, and SHA512
Algorithms that are deprecated and should not be used are as follows:
- Encryption algorithms: DES, DES40, 3DES112, 3DES168, RC4_40, RC4_56, RC4_128, and RC4_256
- Checksumming algorithm: MD5
If your site requires the use of network native encryption, then you must download the patch that is described in My Oracle Support note 2118136.2. To enable a smooth transition for your Oracle Database installation, this patch provides two parameters that enable you to disable the weaker algorithms and start using the stronger algorithms. You will need to install this patch on both servers and clients in your Oracle Database installation.
An alternative to network native encryption is Transport Layer Security (TLS), which provides protection against person-in-the-middle attacks.
- Choosing Between Native Network Encryption and Transport Layer Security in Oracle Database Security Guide
- Improving Native Network Encryption Security in Oracle Database Security Guide