php - Oracle OCI parallel connection to an encrypted and non-encrypted Oracle instance

519

From the same PHP script I need to connect to two different Oracle databases, one which requires an encrypted connection and one which doesn't. The problem is that the one which requires encrypted connection doesn't mandate it on servers side, so I need to set 'require' on client side.

I can do that by creating an sqlnet.ora file in my $ORACLE_HOME:

SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT = (MD5)
SQLNET.ENCRYPTION_TYPES_CLIENT = (RC4_256)
SQLNET.ENCRYPTION_CLIENT = required
SQLNET.CRYPTO_CHECKSUM_CLIENT = required

The problem is that then my other connection will also require encryption, so it will fail. I need both connections in the same script, so I cannot just set a different ORACLE_HOME for the two, as they are part of the same script.

Anybody has any idea how to resolve this? Would it be possible to set the encryption on connection level, so I could set one as 'require' and other to 'none'? Would it be possible to have two different ORACLE_HOMEs in the same script for the two different connections?

942

Answer

Solution:

When using required the connection will fail if the other side specifies rejected (no encryption), or if there is no compatible algorithm on the other side.

You need to use requested. When using requested the service (encryption) will be active if the other side of the connection specifies either accepted, required, or requested, and there is a compatible algorithm available on the other side; it will otherwise be inactive (but wont fail).

Source: Oracle Database Online Documentation 11g Release 1 (11.1) / Database Administration / Securing the Network

People are also looking for solutions to the problem: php - Using flashvar inside actionscript

Source

Didn't find the answer?

Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.

Ask a Question

Write quick answer

Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.

Similar questions

Find the answer in similar questions on our website.