The Oracle driver supports Oracle Advanced Security encryption and data integrity for all supported Oracle databases. For information about configuring your database server, refer to your Oracle documentation.
If you plan to use an encryption algorithm with a key size of more than 128 bits, you must override the policy files in your JVM with the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files, available on Oracle's Website.
Encrypting network data provides data privacy so that unauthorized parties cannot view and alter clear text data as it passes over the network. Oracle Advanced Security provides the Advanced Encryption Standard (AES), DES, 3DES, and RC4 symmetric cryptosystems for protecting the confidentiality of network traffic.
In addition, data integrity checks protect against the following types of attacks.
In a data modification attack, an unauthorized party intercepts transmitted data, alters it, and retransmits it. For example, suppose a customer order for 5 widgets for delivery to an office in San Francisco is intercepted. A data modification attack might change the quantity to 500 and the delivery address to a warehouse in Los Angeles, and then retransmit the order.
In a replay attack, a set of valid data is retransmitted a number of times. For example, an order for 100 widgets is intercepted and then retransmitted ten times so the final order quantity equals 1,000 widgets.
Because data integrity protection operates independently from the encryption process, you can enable data integrity with or without enabling encryption.
• To configure Oracle Advanced Security encryption:
1. Set the EncryptionLevel property to accepted, requested, or required.
2. Set the EncryptionTypes property to one or multiple algorithms.
• To configure Oracle Advanced Security data integrity:
1. Set the DataIntegrityLevel property to accepted, requested, or required.
2. Set the DataIntegrityTypes property to one or multiple algorithms.
In a data modification attack, an unauthorized party intercepts transmitted data, alters it, and retransmits it. For example, suppose a customer order for 5 widgets for delivery to an office in San Francisco is intercepted. A data modification attack might change the quantity to 500 and the delivery address to a warehouse in Los Angeles, and then retransmit the order.