I was quite surprised to find that iPhone SDK is not available on Windows. Arghh. Lately I am seeing double standards in EU hunting Mr. Softie. What is the big deal that MS bundles IE on its OS. Folks who need another Browser can download any of the freely available browser. The fact that you can't uninstall IE does not get in my way of using a browser of my choice.
But that i can't replace the battery on my iPhone/iPod is a blocking issue when the batteries die. I don't want to be held hostage by the battery maker.
Thoughts on Apache Spark, Zeppelin, Big Data Security, Enterprise security, Cloud, *aaS, Software, Products & Oracle Fusion
Tuesday, January 27, 2009
Monday, January 26, 2009
N-Tier Security Silos
With the N-tier architecture the person managing the tiers tend to be separate and have separate skills sets. It often leads to knowledge silos and is especially visible when it comes to security. E.g it will be hard pressed to get a DBA who is good at securing Apache http Server. I wonder if there is a need for a security platform that helps to bridge this gap. An example could be that MidTier is more aware of security configured at the Data Tier and mid tier can take advantage of security at Data tier.
I wonder if this is an issue for you? How have you dealt with this?
I wonder if this is an issue for you? How have you dealt with this?
Tuesday, January 6, 2009
SSL between MidTier & DataBase
Essentially the SSL support between an app server (MT) & Datatier(Database) depends on two things.
1. If the Databases support SSL (Oracle DB support this)
2. The DB driver support this (could be thin or a thick client)
Assuming OC4J is connecting to Oracle DB (which is configured to listen in SSL) here are the steps using Oracle JDBC thin driver.
1.
For OracleAS, you could config SSL as the connection pool
properties, for example:
connection-pool-name="scottConnPoolTCPS"
jndi-name="jdbc/sslDS"
name="jdbc/sslDS"/
factory-class="oracle.jdbc.driver.OracleDriver"
user="scott"
password="tiger"
url="jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)
(HOST=sracanov-a
u2.au.oracle.com)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=orcl)))"
commit-record-table-name=""
value="/somepath/Wallets/client/
ewallet.p12"/
value="SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,
SSL_DH_anon_WITH_RC4_128_MD5,SSL_DH_anon_WITH_DES_CBC_SHA"/
WLS to Oracle DB
For WLS, I don't see any doc for this type configuration. I don't
think it could be configured as the connection pool preperty.
However, these might work:
1) Specify the property in the java program as the following example:
//import packages
import java.sql.*;
import oracle.jdbc.*;
import oracle.jdbc.pool.OracleDataSource;
//specify the properties object
java.util.Properties info = new java.util.Properties();
...
// Set the SSL version
info.put ("oracle.net.ssl_version","3.0");
// Set the wallet location
info.put ("oracle.net.wallet_location", "(SOURCE=(METHOD=file)
(METHOD_DATA=(DIRECTORY=directory)))");
// Set the cipher suite
info.
put("oracle.net.ssl_cipher_suites","SSL_DH_DSS_WITH_DES_CBC_SHA");
// Force dn to match service name
info.put("oracle.net.ssl_serevr_dn_match","TRUE");
2) Using WLS SSL protocal, like submitting Context.SECURITY_PROTOCOL
= "ssl" along with in getting the JNDI initial context.
Copying Steve and Dave, they may have more infor on this.
Thanks to Frances Zhao for this information & let me know of your experience with this information.
1. If the Databases support SSL (Oracle DB support this)
2. The DB driver support this (could be thin or a thick client)
Assuming OC4J is connecting to Oracle DB (which is configured to listen in SSL) here are the steps using Oracle JDBC thin driver.
1.
For OracleAS, you could config SSL as the connection pool
properties, for example:
jndi-name="jdbc/sslDS"
name="jdbc/sslDS"/
user="scott"
password="tiger"
url="jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)
(HOST=sracanov-a
u2.au.oracle.com)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=orcl)))"
commit-record-table-name=""
ewallet.p12"/
SSL_DH_anon_WITH_RC4_128_MD5,SSL_DH_anon_WITH_DES_CBC_SHA"/
WLS to Oracle DB
For WLS, I don't see any doc for this type configuration. I don't
think it could be configured as the connection pool preperty.
However, these might work:
1) Specify the property in the java program as the following example:
//import packages
import java.sql.*;
import oracle.jdbc.*;
import oracle.jdbc.pool.OracleDataSource;
//specify the properties object
java.util.Properties info = new java.util.Properties();
...
// Set the SSL version
info.put ("oracle.net.ssl_version","3.0");
// Set the wallet location
info.put ("oracle.net.wallet_location", "(SOURCE=(METHOD=file)
(METHOD_DATA=(DIRECTORY=directory)))");
// Set the cipher suite
info.
put("oracle.net.ssl_cipher_suites","SSL_DH_DSS_WITH_DES_CBC_SHA");
// Force dn to match service name
info.put("oracle.net.ssl_serevr_dn_match","TRUE");
2) Using WLS SSL protocal, like submitting Context.SECURITY_PROTOCOL
= "ssl" along with in getting the JNDI initial context.
Copying Steve and Dave, they may have more infor on this.
Thanks to Frances Zhao for this information & let me know of your experience with this information.
Subscribe to:
Posts (Atom)