Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Specify password hash instead of clear password in Oracle JDBC client

Tags:

java

security

oracle

jdbc

I'm using Oracle JDBC driver in my Java app to reach Oracle DB. Creating the connection using code:

DriverManager.getConnection(
"jdbc:oracle:thin:@myserver:port:mySID", 
"myuser", 
"mypassword");

requires the real password. Is there a way to specify the password hash instead such as:

DriverManager.getConnection(
"jdbc:oracle:thin:@myserver:port:mySID", 
"myuser", 
"mypasswordHash");
like image 508
Cagin Uludamar Avatar asked Nov 19 '13 12:11

Cagin Uludamar

People also ask

Does JDBC use Sqlnet Ora?

You are correct: sqlnet. ora is exclusive to the JDBC thick/OCI driver. Changing parameters in sqlnet. ora will have no effect on the JDBC thin connection.

Is JDBC encrypted Oracle?

Oracle Advanced Security, previously known as the Advanced Networking Option (ANO) or Advanced Security Option (ASO), includes features to support data encryption, data integrity, third-party authentication, and authorizations. Oracle JDBC supports most of these features.

What is secure JDBC?

JDBC is a database connection protocol, it's as secure as all other means to connect to database. Most secure issues have nothing to do with JDBC protocol itself. For example, you can minimize the risk of SQL Injection by using Prepared Statement.

Are JDBC connections encrypted?

An Always Encrypted enabled driver, such as the Microsoft JDBC Driver 6.0 (or higher) for SQL Server, achieves this behavior by transparently encrypting and decrypting sensitive data in the client application.

1 Answers

According to Does the Oracle JDBC client encrypt password when you make a connection? there is no need to use a hash when connecting. If you just want nobody to be able to read the password in plain text then have a look at Encrypt Password in Configuration Files?.

Oracles approach closest to obfuscation seems to be wallets with "auto login": For a Java example see http://sysapp.wordpress.com/2010/08/31/how-to-oracle-wallet-with-jdbc-thin-driver-datasource-tomcat/. But this seems to require specific Oracle Admin actions: see How to Create a Complete Wallet (maybe your DBA knows more about it). For other options to connect without a password in the clear see JDBC Client-Side Security Features.

like image 112
halfbit Avatar answered Oct 24 '22 01:10

halfbit
Sign in to Comment

Related questions

Separated API and Implementation Project Structure
How to seperate unit and integration tests in testng + maven using annotations?
Best practice for saving data in abstract classes
How to avoid mock object's method calls in strings used for logging?
International resources
Maven compilation error for android Project "error: package R does not exist "
Import FindBugs configuration from Sonar to Maven
Hibernate Dynamic Models
infinispan cache object update in transaction roll back issue
How to proxy different WARs in Tomcat 7?
java complex statement execution order
Can NetBeans 7.4 have JDK 1.6 as a default platform?
playing WAV file over GSM modem
Sqlite - on downgrade
SSL - only allow specific clients or servers (Java truststore)
Inner Enum in non-static context
JAX-RS Application subclass injection
How do I programmatically change the Eclipse CDT tool settings for a file?
Use Javamail for accessing Microsoft Exchange mailboxes (IMAP, MS Exchange)
Hibernate entity manager looking for tables in different schemas

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!