Securing JDBC Connection
843859Feb 1 2006 — edited Feb 3 2006I have a linux box that acts as my client and makes a JDBC (thin) connection to an another Oracle box running on linux. My primary goal is to encrypt the connection since we have internal passwords that we pass over the wire and we don't want it to be in the clear.
Couple of questions?
When the applications first makes a JDBC connection, is the username/password in the clear, the JDBC connection? If so, is there a way I can encryt this. If its sent in the clear I guess anyone listening on the network would get the username/password to connect to the DB. Could you also point me to some documention where its says the connection string username and password is encrypted or not by deafult, etc.
Everything between the client and the DB I want to encrypt, is this possible in the driver level, I did the document on configuring the thin driver. Could anyone point me to detailed instructions as to where the property files are and what I need to change.