The advanced security options of the Oracle database provide multiple functions such as encryption of transmission data and verification of data integrity, which can ensure the security of data transmission to a certain extent .
There are two ways to connect to the ORACLE database, one is through the sqlnet.ora file, and the other is through JDBC .
This feature was briefly tested in order to use Oracle 's advanced security options:
In terms of functions: Whether it is using sqlnet.ora or connecting to the ORACLE database through JDBC, data encryption can be achieved in both ways.
Performance: without encryption, the execution time is short, the number of data packets is relatively small, and the CPU idle rate is relatively high. Encryption algorithms using RC4_40 and RC_4_56 have less impact on performance, CPU usage and execution time
increase by no more than 1%. Using DES40C and DES56C has no more than 2% impact on system performance.
High-frequency call test: We use loadrunner to simulate 10 clients to make simultaneous calls. The CPU occupancy rate without encryption is about 2-3% lower than the CPU occupancy rate when the encryption algorithm is used. For this test, using the RC4_40 and RC4_56 algorithms saves about 10 seconds compared to using the DES40 and DES50 algorithms.
Through testing, we can see that encrypting the transmitted data will have a certain impact on system performance, but this impact is not very large. By comparing several encryption algorithms, we can see that the RC series algorithms are significantly better than the DES series algorithms. On some DML statements, the performance of RC4_40 is better than that of RC4_56.
Therefore, here we propose to use the RC_40 algorithm to encrypt the data passing through.
Setting transmission encryption on the server side is achieved by setting the sqlnet.ora file. This file can be modified dynamically, that is to say, the file can be opened directly when the database is running, and the following code will take effect immediately:
SQLNET.ENCRYPTION_TYPES_SERVER= (RC4_40)
SQLNET.ENCRYPTION_SERVER = accepted
SQLNET.CRYPTO_SEED = # encrypted seed
Connecting to the ORACLE database through the sqlnet.ora file also has this file on the client side. The settings can also be dynamically modified, and the following code will take effect immediately:
SQLNET.ENCRYPTION_TYPES_SERVER= (RC4_40)
SQLNET.ENCRYPTION_SERVER = requested
SQLNET.CRYPTO_SEED = # encrypted seed
To connect to the database through JDBC, you need to add the following code to the encrypted web page:
<%@ page session="false" %>
<%@ page import="java.sql.*" %>
<%@ page import="java.io.*" %>
<%@ page import="java.util.*" %>
<%@ page import="oracle.net.ns.*" %>
<%@ page import="oracle.net.ano.*" %>
Properties prop = new Properties;
prop.put("user","test");
prop.put("oracle.net.encryption_client", "REQUESTED");
prop.put("oracle.net.encryption_types_client", "(RC4_40)");
——No need to set encrypted seed.
The above encryption code is added to each web page using JDBC to connect to the database and it will take effect immediately.