Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Specify password hash instead of clear password in Oracle JDBC client

I'm using Oracle JDBC driver in my Java app to reach Oracle DB. Creating the connection using code:

DriverManager.getConnection(
"jdbc:oracle:thin:@myserver:port:mySID", 
"myuser", 
"mypassword");

requires the real password. Is there a way to specify the password hash instead such as:

DriverManager.getConnection(
"jdbc:oracle:thin:@myserver:port:mySID", 
"myuser", 
"mypasswordHash");
like image 508
Cagin Uludamar Avatar asked Nov 19 '13 12:11

Cagin Uludamar


People also ask

Does JDBC use Sqlnet Ora?

You are correct: sqlnet. ora is exclusive to the JDBC thick/OCI driver. Changing parameters in sqlnet. ora will have no effect on the JDBC thin connection.

Is JDBC encrypted Oracle?

Oracle Advanced Security, previously known as the Advanced Networking Option (ANO) or Advanced Security Option (ASO), includes features to support data encryption, data integrity, third-party authentication, and authorizations. Oracle JDBC supports most of these features.

What is secure JDBC?

JDBC is a database connection protocol, it's as secure as all other means to connect to database. Most secure issues have nothing to do with JDBC protocol itself. For example, you can minimize the risk of SQL Injection by using Prepared Statement.

Are JDBC connections encrypted?

An Always Encrypted enabled driver, such as the Microsoft JDBC Driver 6.0 (or higher) for SQL Server, achieves this behavior by transparently encrypting and decrypting sensitive data in the client application.


1 Answers

According to Does the Oracle JDBC client encrypt password when you make a connection? there is no need to use a hash when connecting. If you just want nobody to be able to read the password in plain text then have a look at Encrypt Password in Configuration Files?.

Oracles approach closest to obfuscation seems to be wallets with "auto login": For a Java example see http://sysapp.wordpress.com/2010/08/31/how-to-oracle-wallet-with-jdbc-thin-driver-datasource-tomcat/. But this seems to require specific Oracle Admin actions: see How to Create a Complete Wallet (maybe your DBA knows more about it). For other options to connect without a password in the clear see JDBC Client-Side Security Features.

like image 112
halfbit Avatar answered Oct 24 '22 01:10

halfbit