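Configuring Oracle encryption for data in transit

As security awareness and requirements keep rising, some customers ask that data be encrypted while it travels to and from the database, so that nobody can capture packets at the network layer and read the contents. This encryption is provided by the Database Advanced Security component and is configured mainly in sqlnet.ora, which encrypts the data transferred between the server and the client.

Security components installed in the database and the encryption algorithms they support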
[oracle@ora11g ~]$ adapters
Installed Oracle Net transport protocols are:
    IPC
    BEQ
    TCP/IP
    SSL
    RAW
    SDP/IB
Installed Oracle Net naming methods are:
    Local Naming (tnsnames.ora)
    Oracle Directory Naming
    Oracle Host Naming
    Oracle Names Server Naming
Installed Oracle Advanced Security options are:
    RC4 40-bit encryption
    RC4 56-bit encryption
    RC4 128-bit encryption
    RC4 256-bit encryption
    DES40 40-bit encryption
    DES 56-bit encryption
    3DES 112-bit encryption
    3DES 168-bit encryption
    AES 128-bit encryption
    AES 192-bit encryption
    AES 256-bit encryption
    MD5 crypto-checksumming
    SHA-1 crypto-checksumming
    Kerberos v5 authentication
    RADIUS authentication
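
Enabling the client trace

The trace is enabled only to verify transport encryption. Turn it off in production; otherwise it significantly degrades performance, and the growing number of trace files takes up a lot of disk space.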
Trace_level_client=16
Trace_directory_client=D:\app\Administrator\product\11.2.0\dbhome_1\NETWORK\ADMIN\log
Trace_unique_client=on
Trace_timestamp_client=on
Diag_adr_enabled=off
tnsping.trace_directory=D:\app\Administrator\product\11.2.0\dbhome_1\NETWORK\ADMIN\log
tnsping.trace_level=admin
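
Capturing data without encryption

Analysis of the client trace file shows that data between the client and the server travels in cleartext. In other words, anyone who captures and analyses packets on this network can see every operation between your application and the database, so the data is exposed.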
---- Database login
[24-6月 -2018 12:37:55:555] nam_gnsp: Reading parameter "SQLNET.ENCRYPTION_CLIENT" from parameter file
[24-6月 -2018 12:37:55:555] nam_gnsp: Parameter not found
[24-6月 -2018 12:37:55:555] naequad: Using default value "ACCEPTED"
[24-6月 -2018 12:37:55:555] nam_gic: entry
[24-6月 -2018 12:37:55:555] nam_gic: Counting # of items in "SQLNET.ENCRYPTION_TYPES_CLIENT" parameter
[24-6月 -2018 12:37:55:555] nam_gic: Parameter not found
[24-6月 -2018 12:37:55:555] nam_gic: exit
[24-6月 -2018 12:37:55:555] naesno: Using default value "all available algorithms"
[24-6月 -2018 12:37:55:555] naeshow: entry
[24-6月 -2018 12:37:55:555] naeshow: These are the encryption algorithms that the client will accept:
[24-6月 -2018 12:37:55:555] naeshow: Choice 0: no algorithm; encryption inactive
[24-6月 -2018 12:37:55:555] naeshow: Choice 1: 'AES256' (ID 17)
[24-6月 -2018 12:37:55:555] naeshow: Choice 2: 'RC4_256' (ID 6)
[24-6月 -2018 12:37:55:555] naeshow: Choice 3: 'AES192' (ID 16)
[24-6月 -2018 12:37:55:555] naeshow: Choice 4: '3DES168' (ID 12)
[24-6月 -2018 12:37:55:555] naeshow: Choice 5: 'AES128' (ID 15)
[24-6月 -2018 12:37:55:555] naeshow: Choice 6: 'RC4_128' (ID 10)
[24-6月 -2018 12:37:55:555] naeshow: Choice 7: '3DES112' (ID 11)
[24-6月 -2018 12:37:55:555] naeshow: Choice 8: 'RC4_56' (ID 8)
[24-6月 -2018 12:37:55:555] naeshow: Choice 9: 'DES' (ID 2)
[24-6月 -2018 12:37:55:555] naeshow: Choice 10: 'RC4_40' (ID 1)
[24-6月 -2018 12:37:55:555] naeshow: Choice 11: 'DES40' (ID 3)
[24-6月 -2018 12:37:55:555] naeshow: exit
---- Database executes the query select * from dual
[24-6月 -2018 12:39:38:744] nioqrc: entry
[24-6月 -2018 12:39:38:744] nsbasic_bsd: entry
[24-6月 -2018 12:39:38:744] nsbasic_bsd: tot=0, plen=256.
[24-6月 -2018 12:39:38:744] nttfpwr: entry
[24-6月 -2018 12:39:38:744] nttfpwr: socket 888 had bytes written=256
[24-6月 -2018 12:39:38:744] nttfpwr: exit
[24-6月 -2018 12:39:38:744] nsbasic_bsd: packet dump
[24-6月 -2018 12:39:38:744] nsbasic_bsd: 01 00 00 00 06 00 00 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_bsd: 00 00 03 5E 15 61 80 00 |...^.a..|
[24-6月 -2018 12:39:38:744] nsbasic_bsd: 00 00 00 00 00 FE FF FF |........|
[24-6月 -2018 12:39:38:744] nsbasic_bsd: FF FF FF FF FF 12 00 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_bsd: 00 FE FF FF FF FF FF FF |........|
[24-6月 -2018 12:39:38:744] nsbasic_bsd: FF 0D 00 00 00 FE FF FF |........|
[24-6月 -2018 12:39:38:744] nsbasic_bsd: FF FF FF FF FF FE FF FF |........|
[24-6月 -2018 12:39:38:744] nsbasic_bsd: FF FF FF FF FF 00 00 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_bsd: 00 01 00 00 00 00 00 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_bsd: 00 00 00 00 00 00 00 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_bsd: 00 00 00 00 00 00 00 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_bsd: 00 00 00 00 00 FE FF FF |........|
[24-6月 -2018 12:39:38:744] nsbasic_bsd: FF FF FF FF FF 00 00 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_bsd: 00 00 00 00 00 FE FF FF |........|
[24-6月 -2018 12:39:38:744] nsbasic_bsd: FF FF FF FF FF FE FF FF |........|
[24-6月 -2018 12:39:38:744] nsbasic_bsd: FF FF FF FF FF FE FF FF |........|
[24-6月 -2018 12:39:38:744] nsbasic_bsd: FF FF FF FF FF 00 00 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_bsd: 00 00 00 00 00 FE FF FF |........|
[24-6月 -2018 12:39:38:744] nsbasic_bsd: FF FF FF FF FF FE FF FF |........|
[24-6月 -2018 12:39:38:744] nsbasic_bsd: FF FF FF FF FF 00 00 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_bsd: 00 00 00 00 00 00 00 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_bsd: 00 00 00 00 00 00 00 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_bsd: 00 00 00 00 00 00 00 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_bsd: 00 12 73 65 6C 65 63 74 |..select|
[24-6月 -2018 12:39:38:744] nsbasic_bsd: 20 2A 20 66 72 6F 6D 20 |.*.from.|
[24-6月 -2018 12:39:38:744] nsbasic_bsd: 64 75 61 6C 01 00 00 00 |dual....|
[24-6月 -2018 12:39:38:744] nsbasic_bsd: 00 00 00 00 00 00 00 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_bsd: 00 00 00 00 00 00 00 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_bsd: 00 00 00 00 00 00 00 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_bsd: 01 00 00 00 00 00 00 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_bsd: 00 00 00 00 00 00 00 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_bsd: 00 00 00 00 00 00 00 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_bsd: exit (0)
[24-6月 -2018 12:39:38:744] nsbasic_brc: entry: oln/tot=0,prd=0
---- Query result returned
[24-6月 -2018 12:39:38:744] nsbasic_brc: packet dump
[24-6月 -2018 12:39:38:744] nsbasic_brc: 01 04 00 00 06 00 00 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_brc: 00 00 10 17 00 00 00 02 |........|
[24-6月 -2018 12:39:38:744] nsbasic_brc: FC 54 0D 44 40 AD B2 74 |.T.D@..t|
[24-6月 -2018 12:39:38:744] nsbasic_brc: 09 CB A2 01 A7 2D 38 78 |.....-8x|
[24-6月 -2018 12:39:38:744] nsbasic_brc: 76 04 15 03 3B 28 01 00 |v...;(..|
[24-6月 -2018 12:39:38:744] nsbasic_brc: 00 00 01 00 00 00 51 01 |......Q.|
[24-6月 -2018 12:39:38:744] nsbasic_brc: 80 00 00 01 00 00 00 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_brc: 00 00 00 00 00 00 00 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_brc: 00 00 00 00 00 54 03 01 |.....T..|
[24-6月 -2018 12:39:38:744] nsbasic_brc: 01 00 00 00 01 05 05 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_brc: 00 00 05 44 55 4D 4D 59 |...DUMMY|
[24-6月 -2018 12:39:38:744] nsbasic_brc: 00 00 00 00 00 00 00 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_brc: 00 00 00 00 00 00 07 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_brc: 00 00 07 78 76 04 15 05 |...xv...|
[24-6月 -2018 12:39:38:744] nsbasic_brc: 0F 0C 01 00 00 00 E8 1F |........|
[24-6月 -2018 12:39:38:744] nsbasic_brc: 00 00 02 00 00 00 02 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_brc: 00 00 00 00 00 00 06 22 |......."|
[24-6月 -2018 12:39:38:744] nsbasic_brc: 01 00 00 00 00 00 01 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_brc: 00 00 00 00 00 00 00 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_brc: 00 00 00 00 07 01 58 08 |......X.|
[24-6月 -2018 12:39:38:744] nsbasic_brc: 06 00 7E 2D 18 00 00 00 |..~-....|
[24-6月 -2018 12:39:38:744] nsbasic_brc: 00 00 02 00 00 00 00 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_brc: 00 00 00 00 00 00 00 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_brc: 00 00 00 00 00 00 00 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_brc: 00 00 04 01 00 00 00 13 |........|
[24-6月 -2018 12:39:38:744] nsbasic_brc: 00 01 00 00 00 00 00 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_brc: 00 00 00 02 00 00 00 03 |........|
[24-6月 -2018 12:39:38:744] nsbasic_brc: 00 00 00 00 00 00 00 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_brc: 00 00 00 00 00 00 00 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_brc: 00 00 00 00 00 00 00 15 |........|
[24-6月 -2018 12:39:38:744] nsbasic_brc: 00 00 01 00 00 00 00 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_brc: 00 00 00 00 00 00 00 00 |........|
[24-6月 -2018 12:39:38:744] nsbasic_brc: 00 00 00 00 |.... |
[24-6月 -2018 12:39:38:744] nsbasic_brc: exit: oln=0, dln=250, tot=260, rc=0
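
Enabling encryption for data in transit

Each of the parameters below accepts several values; the details are given in the supplementary notes further down.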
-- Server side: set in sqlnet.ora, then restart the listener
SQLNET.ENCRYPTION_SERVER = requested
SQLNET.ENCRYPTION_TYPES_SERVER= (RC4_128)
-- Client side: set in sqlnet.ora
SQLNET.ENCRYPTION_CLIENT = requested
SQLNET.ENCRYPTION_TYPES_CLIENT= (RC4_128)

Capturing data with encryption enabled
---- Login
[24-6月 -2018 12:45:16:786] nam_gnsp: Reading parameter "SQLNET.ENCRYPTION_CLIENT" from parameter file
[24-6月 -2018 12:45:16:786] nam_gnsp: Found value "requested"
[24-6月 -2018 12:45:16:786] nam_gic: entry
[24-6月 -2018 12:45:16:786] nam_gic: Counting # of items in "SQLNET.ENCRYPTION_TYPES_CLIENT" parameter
[24-6月 -2018 12:45:16:786] nam_gic: Found 1 items
[24-6月 -2018 12:45:16:786] nam_gic: exit
[24-6月 -2018 12:45:16:786] nam_gnsp: Reading parameter "SQLNET.ENCRYPTION_TYPES_CLIENT" from parameter file
[24-6月 -2018 12:45:16:786] nam_gnsp: Found value "RC4_128"
[24-6月 -2018 12:45:16:786] naeshow: entry
[24-6月 -2018 12:45:16:786] naeshow: These are the encryption algorithms that the client will accept:
[24-6月 -2018 12:45:16:786] naeshow: Choice 0: 'RC4_128' (ID 10)
[24-6月 -2018 12:45:16:786] naeshow: Choice 1: no algorithm; encryption inactive
---- Sending the query select * from dual
[24-6月 -2018 12:49:51:528] nttwr: socket 848 had bytes written=277
[24-6月 -2018 12:49:51:528] nttwr: exit
[24-6月 -2018 12:49:51:528] nspsend: packet dump
[24-6月 -2018 12:49:51:528] nspsend: 01 15 00 00 06 00 00 00 |........|
[24-6月 -2018 12:49:51:528] nspsend: 00 00 DF CE 9E 46 DB 71 |.....F.q|
[24-6月 -2018 12:49:51:528] nspsend: CE 88 43 9E CA 43 F8 BE |..C..C..|
[24-6月 -2018 12:49:51:528] nspsend: E8 ED 07 F1 2E 93 B6 2C |.......,|
[24-6月 -2018 12:49:51:528] nspsend: E9 5A E5 D8 06 8B DB EE |.Z......|
[24-6月 -2018 12:49:51:528] nspsend: 66 9E B5 BB 24 C0 5E 4C |f...$.^L|
[24-6月 -2018 12:49:51:528] nspsend: 33 9C 81 10 18 0F BE 30 |3......0|
[24-6月 -2018 12:49:51:528] nspsend: 79 56 4C D8 4A F9 4D 78 |yVL.J.Mx|
[24-6月 -2018 12:49:51:528] nspsend: 6A 42 24 89 D4 0D 1F 92 |jB$.....|
[24-6月 -2018 12:49:51:528] nspsend: 44 24 DA 42 15 49 22 09 |D$.B.I".|
[24-6月 -2018 12:49:51:528] nspsend: FE AF 07 EA 01 36 83 D4 |.....6..|
[24-6月 -2018 12:49:51:528] nspsend: D6 B3 16 BD 1E B2 88 93 |........|
[24-6月 -2018 12:49:51:528] nspsend: 29 39 DB 44 86 E5 C6 F2 |)9.D....|
[24-6月 -2018 12:49:51:528] nspsend: DF 87 90 4B 6E 5A 66 D3 |...KnZf.|
[24-6月 -2018 12:49:51:528] nspsend: B1 1A 3A 34 01 A9 C2 F1 |..:4....|
[24-6月 -2018 12:49:51:528] nspsend: C7 08 06 50 2B BB C4 5E |...P+..^|
[24-6月 -2018 12:49:51:528] nspsend: C0 80 D7 72 E4 D8 C0 B6 |...r....|
[24-6月 -2018 12:49:51:528] nspsend: C4 31 90 9A 3C 83 B0 16 |.1..<...|
[24-6月 -2018 12:49:51:528] nspsend: D1 AE 82 56 39 46 08 20 |...V9F..|
[24-6月 -2018 12:49:51:528] nspsend: DE D2 DC 6B BC 5F BF 7E |...k._.~|
[24-6月 -2018 12:49:51:528] nspsend: 25 2A 31 D7 A3 60 CE 7A |%*1..`.z|
[24-6月 -2018 12:49:51:528] nspsend: 42 58 0A 43 11 F5 D6 0A |BX.C....|
[24-6月 -2018 12:49:51:528] nspsend: 31 C8 96 38 F3 C2 90 6A |1..8...j|
[24-6月 -2018 12:49:51:528] nspsend: 64 50 46 B0 A2 EF 1E 9A |dPF.....|
[24-6月 -2018 12:49:51:528] nspsend: 86 11 67 C9 9B CD 8C 2B |..g....+|
[24-6月 -2018 12:49:51:528] nspsend: 2A 02 0D 9B C3 C5 D3 23 |*......#|
[24-6月 -2018 12:49:51:528] nspsend: 75 4C 4A 5B A3 85 80 C5 |uLJ[....|
[24-6月 -2018 12:49:51:528] nspsend: FA F0 6C C3 23 72 D5 28 |..l.#r.(|
[24-6月 -2018 12:49:51:528] nspsend: 0E 16 C7 C8 1B 3D CC B8 |.....=..|
[24-6月 -2018 12:49:51:528] nspsend: 06 FA D7 FB 03 EB E6 41 |.......A|
[24-6月 -2018 12:49:51:528] nspsend: 05 54 B0 5A 18 CC 7F E7 |.T.Z....|
[24-6月 -2018 12:49:51:528] nspsend: 2D 36 C4 4A E6 B2 7F F6 |-6.J....|
[24-6月 -2018 12:49:51:528] nspsend: 1E 10 5B 20 CF 60 FA D3 |..[..`..|
[24-6月 -2018 12:49:51:528] nspsend: 6E B1 F7 9E 35 92 27 BA |n...5.'.|
[24-6月 -2018 12:49:51:528] nspsend: 9A 4A F1 00 01 |.J... |
[24-6月 -2018 12:49:51:528] nspsend: 277 bytes to transport
[24-6月 -2018 12:49:51:528] nspsend: normal exit
---- Receiving data
[24-6月 -2018 12:49:51:528] nttrd: exit
[24-6月 -2018 12:49:51:528] nsprecv: 262 bytes from transport
[24-6月 -2018 12:49:51:528] nsprecv: tlen=262, plen=262, type=6
[24-6月 -2018 12:49:51:528] nsprecv: packet dump
[24-6月 -2018 12:49:51:528] nsprecv: 01 06 00 00 06 00 00 00 |........|
[24-6月 -2018 12:49:51:528] nsprecv: 00 00 63 2C 04 99 D8 25 |..c,...%|
[24-6月 -2018 12:49:51:528] nsprecv: 40 38 A0 30 AE 3D 24 05 |@8.0.=$.|
[24-6月 -2018 12:49:51:528] nsprecv: 97 E4 70 E9 1D 76 8B A0 |..p..v..|
[24-6月 -2018 12:49:51:528] nsprecv: 38 AD 7E D3 B1 A1 BD B7 |8.~.....|
[24-6月 -2018 12:49:51:528] nsprecv: 29 1F 0C 19 9A 0B FD D0 |).......|
[24-6月 -2018 12:49:51:528] nsprecv: F3 13 51 E0 78 C2 7C 7D |..Q.x.|}|
[24-6月 -2018 12:49:51:528] nsprecv: 37 BC AA 25 23 20 FF 05 |7..%#...|
[24-6月 -2018 12:49:51:528] nsprecv: E0 F6 AF C3 53 C9 50 2F |....S.P/|
[24-6月 -2018 12:49:51:528] nsprecv: 68 0D F1 CB CE B8 90 6B |h......k|
[24-6月 -2018 12:49:51:528] nsprecv: 90 CC B2 B5 DF D8 C3 BC |........|
[24-6月 -2018 12:49:51:529] nsprecv: F0 7A 37 E7 1B FA 3E 6B |.z7...>k|
[24-6月 -2018 12:49:51:529] nsprecv: 13 90 7A 10 1C 6D C5 40 |..z..m.@|
[24-6月 -2018 12:49:51:529] nsprecv: BC E0 B9 4F 69 10 49 4D |...Oi.IM|
[24-6月 -2018 12:49:51:529] nsprecv: B9 78 2E 28 B3 8C 05 53 |.x.(...S|
[24-6月 -2018 12:49:51:529] nsprecv: 18 99 B2 AF 46 AE 1D D7 |....F...|
[24-6月 -2018 12:49:51:529] nsprecv: 0E 19 56 28 7A B6 16 72 |..V(z..r|
[24-6月 -2018 12:49:51:529] nsprecv: 46 57 C9 7A 1C DB D1 A2 |FW.z....|
[24-6月 -2018 12:49:51:529] nsprecv: A2 35 B7 DD 63 EA 5E 07 |.5..c.^.|
[24-6月 -2018 12:49:51:529] nsprecv: F9 E1 4E 54 D0 57 63 9D |..NT.Wc.|
[24-6月 -2018 12:49:51:529] nsprecv: 12 B0 7B 6F 0C DC 98 90 |..{o....|
[24-6月 -2018 12:49:51:529] nsprecv: C1 71 3B BD DA 27 03 CE |.q;..'..|
[24-6月 -2018 12:49:51:529] nsprecv: 4B FA 5D 64 31 17 D1 CC |K.]d1...|
[24-6月 -2018 12:49:51:529] nsprecv: 49 A7 A7 47 D8 26 81 23 |I..G.&.#|
[24-6月 -2018 12:49:51:529] nsprecv: BC 9E 54 76 C9 98 07 CF |..Tv....|
[24-6月 -2018 12:49:51:529] nsprecv: CF 97 A4 70 57 68 80 16 |...pWh..|
[24-6月 -2018 12:49:51:529] nsprecv: 45 14 3D 32 06 3E 1A 06 |E.=2.>..|
[24-6月 -2018 12:49:51:529] nsprecv: 0A D6 8F 51 29 D3 A4 2E |...Q)...|
[24-6月 -2018 12:49:51:529] nsprecv: 06 0C 03 B1 7A D1 5B 3B |....z.[;|
[24-6月 -2018 12:49:51:529] nsprecv: 22 9A 6B 0F CD F7 EA 8C |".k.....|
[24-6月 -2018 12:49:51:529] nsprecv: D7 8C CE F8 B6 9E 80 01 |........|
[24-6月 -2018 12:49:51:529] nsprecv: 95 1A D8 35 31 84 D6 42 |...51..B|
[24-6月 -2018 12:49:51:529] nsprecv: 7C CC 2D 31 00 01 ||.-1.. |
[24-6月 -2018 12:49:51:529] nsprecv: normal exit
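
This shows that once transport encryption is configured, the client trace contains only encrypted data. This keeps data in transit secure: even if these packets are captured on the network, the content exchanged between the application and the database cannot be read.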
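
The by-eye comparison of the two traces above can be scripted. The following is an added example, not code from the original post: it rebuilds each "packet dump" from a client trace and lists any readable text in the payload. The function names, the 8-character threshold and the sample trace (constructed in the page's trace format) are assumptions of this example; the 10-byte cleartext prefix is what both captures on the page show.

```python
import re

ROW = re.compile(r"\]\s+(\w+):\s+((?:[0-9A-Fa-f]{2}\s+)+)\|")
HEADER_LEN = 10  # assumption: first 10 bytes are unencrypted in both page captures

def packets(trace):
    """Rebuild each 'packet dump' in a client trace as (routine, bytes)."""
    out = []
    for line in trace.splitlines():
        if line.rstrip().endswith("packet dump"):
            out.append([None, bytearray()])   # a new dump starts here
            continue
        m = ROW.search(line)
        if m and out:
            out[-1][0] = m.group(1)
            out[-1][1] += bytes.fromhex(m.group(2))
    return [(name, bytes(buf)) for name, buf in out if buf]

def readable(payload, min_len=8):
    """Printable-ASCII runs of at least min_len bytes, like strings(1)."""
    return [s.decode() for s in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, payload)]

def report(trace):
    """Per packet: routine, declared length, completeness, readable payload text."""
    rows = []
    for name, data in packets(trace):
        declared = int.from_bytes(data[:2], "big")  # packet length, big-endian
        rows.append({"routine": name, "declared": declared,
                     "complete": declared == len(data),
                     "cleartext": readable(data[HEADER_LEN:])})
    return rows

# Constructed sample: one unencrypted and one encrypted 32-byte packet.
SAMPLE = """\
[24-JUN-2018 12:39:38:744] nsbasic_bsd: packet dump
[24-JUN-2018 12:39:38:744] nsbasic_bsd: 00 20 00 00 06 00 00 00 |. ......|
[24-JUN-2018 12:39:38:744] nsbasic_bsd: 00 00 03 5E 00 12 73 65 |...^..se|
[24-JUN-2018 12:39:38:744] nsbasic_bsd: 6C 65 63 74 20 2A 20 66 |lect.*.f|
[24-JUN-2018 12:39:38:744] nsbasic_bsd: 72 6F 6D 20 64 75 61 6C |rom.dual|
[24-JUN-2018 12:39:38:744] nsbasic_bsd: exit (0)
[24-JUN-2018 12:49:51:528] nspsend: packet dump
[24-JUN-2018 12:49:51:528] nspsend: 00 20 00 00 06 00 00 00 |. ......|
[24-JUN-2018 12:49:51:528] nspsend: 00 00 DF CE 9E 46 DB 71 |.....F.q|
[24-JUN-2018 12:49:51:528] nspsend: CE 88 43 9E CA 43 F8 BE |..C..C..|
[24-JUN-2018 12:49:51:528] nspsend: E8 ED 07 F1 2E 93 B6 2C |.......,|
[24-JUN-2018 12:49:51:528] nspsend: 32 bytes to transport
"""

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```

An empty "cleartext" list is only a heuristic signal: short values fall under the threshold, so confirm the negotiated algorithm in the naeshow lines as well.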
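
Supplementary notes

1. Correspondence between the ENCRYPTION_SERVER and ENCRYPTION_CLIENT parameters
2. ENCRYPTION_TYPES_SERVER and ENCRYPTION_TYPES_CLIENT select the encryption algorithms. You can specify one or more of the algorithms listed by adapters; by default all encryption algorithms are supported.
3. For JDBC applications, the following configuration can be used as a reference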
import oracle.jdbc.OracleConnection;
import oracle.jdbc.pool.OracleDataSource;
import java.sql.*;
import java.util.*;

class Employee1 {
    public static void main(String args[]) throws Exception {
        OracleDataSource ods = new OracleDataSource();
        Properties props = new Properties();
        // Thin-driver counterparts of SQLNET.ENCRYPTION_CLIENT and SQLNET.ENCRYPTION_TYPES_CLIENT
        props.setProperty(OracleConnection.CONNECTION_PROPERTY_THIN_NET_ENCRYPTION_LEVEL, "REQUIRED");
        props.setProperty(OracleConnection.CONNECTION_PROPERTY_THIN_NET_ENCRYPTION_TYPES, "(AES256,AES192,AES128)");
        ods.setURL("jdbc:oracle:thin:@//yourHost:port/dbServiceName");
        ods.setUser("scott");
        ods.setPassword("tiger");
        ods.setConnectionProperties(props);
        Connection conn = ods.getConnection();
        // Create a Statement
        Statement stmt = conn.createStatement();
        // Select the ENAME column from the EMP table
        ResultSet rset = stmt.executeQuery("select ENAME from EMP");
        // Iterate through the result and print the employee names
        while (rset.next())
            System.out.println(rset.getString(1));
        rset.close();
        stmt.close();
        conn.close();
    }
}
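
For notes 1 and 2 above, an added example (not code from the original post): the outcome of each client/server level pair as documented for Oracle native network encryption, and an audit of a sqlnet.ora fragment built on it. The function names and the AES-only policy are assumptions of this example; PAGE_SERVER repeats the server settings used earlier on this page, and HARDENED is a constructed comparison.

```python
import re

LEVELS = ("REJECTED", "ACCEPTED", "REQUESTED", "REQUIRED")
STRONG = {"AES128", "AES192", "AES256"}  # this example's policy, not an Oracle setting

def negotiate(client="ACCEPTED", server="ACCEPTED"):
    """Return 'ON', 'OFF' or 'FAIL' for a client/server level pair."""
    c, s = client.upper(), server.upper()
    if c not in LEVELS or s not in LEVELS:
        raise ValueError(f"unknown level: {client!r}/{server!r}")
    pair = {c, s}
    if "REJECTED" in pair:
        # One side refuses: the connection fails only if the other insists.
        return "FAIL" if "REQUIRED" in pair else "OFF"
    if pair == {"ACCEPTED"}:
        return "OFF"  # neither side asks, so nothing is encrypted
    return "ON"

def parse_sqlnet(text):
    """Map upper-cased parameter names to their raw values."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop sqlnet.ora comments
        m = re.match(r"([\w.]+)\s*=\s*(.+)$", line)
        if m:
            params[m.group(1).upper()] = m.group(2).strip()
    return params

def audit(text, side):
    """side is 'SERVER' or 'CLIENT'. Returns a list of findings (empty = ok)."""
    p = parse_sqlnet(text)
    level = p.get(f"SQLNET.ENCRYPTION_{side}", "ACCEPTED").upper()
    types = p.get(f"SQLNET.ENCRYPTION_TYPES_{side}")
    findings = []
    if level != "REQUIRED":
        peers = [x for x in LEVELS if negotiate(level, x) == "OFF"]
        findings.append(f"{level}: cleartext if peer is {'/'.join(peers)}")
    if types is None:
        findings.append("no TYPES list: every installed algorithm is offered")
    else:
        weak = [t for t in re.findall(r"\w+", types.upper()) if t not in STRONG]
        if weak:
            findings.append("weak algorithms: " + ", ".join(weak))
    return findings

PAGE_SERVER = "SQLNET.ENCRYPTION_SERVER = requested\nSQLNET.ENCRYPTION_TYPES_SERVER= (RC4_128)\n"
HARDENED = "SQLNET.ENCRYPTION_SERVER = REQUIRED\nSQLNET.ENCRYPTION_TYPES_SERVER = (AES256)\n"

if __name__ == "__main__":
    print(audit(PAGE_SERVER, "SERVER"))
    print(audit(HARDENED, "SERVER"))
```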