skip to main content
Using the Driver : Using Security : Summary of Security-Related Options
  

Try DataDirect Drivers Now

Summary of Security-Related Options

The following table summarizes how security-related connection options work with the drivers. The connection options are listed alphabetically by the GUI name that appears on the driver Setup dialog box. The connection string attribute name is listed immediately after the GUI name in parentheses. See "Connection Option Descriptions" for details about configuring the options.
Table 6. Summary: Authentication Connection Options
Option
Description
Specifies the method the driver uses to authenticate the user to the server when a connection is established.
If set to 1 (Encrypt Password), the driver sends the user ID in clear text and an encrypted password to the server for authentication.
If set to 3 (Client Authentication), the driver uses client authentication when establishing a connection. The database server relies on the client to authenticate the user and does not provide additional authentication.
If set to 4 (Kerberos Authentication), the driver uses Kerberos authentication. This method supports both Windows Active Directory Kerberos and MIT Kerberos environments.
When set to 5 (Kerberos with UID & PWD), the driver uses both Kerberos authentication and user ID and password authentication. The driver first authenticates the user using Kerberos. If a user ID and password are specified, the driver reauthenticates using the user name and password supplied. An error is generated if a user ID and password are not specified.
If set to 6 (NTLM), the driver uses NTLMv1 authentication for Windows clients.
If set to 11 (SSL), the driver uses SSL certificate information to authenticate the client with the server when using Oracle Wallet. The User Name and Password options should not be specified. See "Oracle Wallet SSL Authentication" for additional requirements.
If set to 12 (SSL with UID & Password), the driver uses user ID/password and SSL authentication to connect with the server when using Oracle Wallet. See "Oracle Wallet SSL Authentication" for additional requirements.
If set to 14 (Wallet UID & PWD), the driver authenticates to the server using a user ID and password retrieved from Oracle Wallet. See "Oracle Wallet Password Store" for additional requirements.
Default: 1 (Encrypt Password)
Specifies the string value used to identify database credential information stored in an Oracle Wallet. When Authentication Method is set to 14 (Wallet UID & PWD), the driver retrieves the user ID and password associated with the specified value from the wallet and uses them to authenticate to the server. This value provides a method for the correct user ID and password to be retrieved when there are multiple pairs in a wallet.
See "Oracle Wallet Password Store" for a complete list of options and settings required for the Oracle Wallet Password Store feature.
Specifies the password used to access the Oracle Wallet in which your database credential information is stored. When Authentication Method is set to 14 (Wallet UID & PWD), the driver uses this value to retrieve the database user ID and password that is stored in the wallet file specified by the Credentials Wallet Path option.
See "Oracle Wallet Password Store" for a complete list of options and settings required for the Oracle Wallet Password Store feature.
Specifies the fully-qualified path to the Oracle Wallet file in which your database credential information is stored. When Authentication Method is set to 14 (Wallet UID & PWD), the driver retrieves the database user name and password from this file.
See "Oracle Wallet Password Store" for a complete list of options and settings required for the Oracle Wallet Password Store feature.
The name of the GSS client library that the driver uses to communicate with the Key Distribution Center (KDC).
Default: native (The driver uses the GSS client shipped with the operating system.)
Specifies the proxy user ID used for impersonation. The value for Impersonate User determines your identity and permissions when executing queries. When a value is specified for this option, the driver authenticates according to the setting of the Authentication Method option; then, after establishing a connection, the driver attempts to reauthenticate as the destination user. Note that the administrator must grant CONNECT THROUGH permission to the authenticated user in order to impersonate the destination user; otherwise, an error is returned.
Default: None
The default user ID that is used to connect to your database.
Default: None
Table 7. Summary: Data Encryption Connection Options
Option
Description
Determines which version of the OpenSSL library file the driver uses for data encryption.
Default: 1.1.1,1.0.2
Specifies the cryptographic protocols to use when SSL is enabled using the Encryption Method connection option (EncryptionMethod=1).
Default: TLSv1.2, TLSv1.1, TLSv1
The absolute path for the OpenSSL library file containing the cryptographic library to be used by the data source or connection when SSL is enabled. The cryptograpic library contains the implementations of cryptographic algorithms the driver uses for data encryption.
Default: Empty string
The method the driver uses to encrypt data sent between the driver and the database server.
If set to 0 (No Encryption), data is not encrypted.
If set to 1 (SSL), data is encrypted using the SSL protocols specified in the Crypto Protocol Version connection option.
Default: 0 (No Encryption)
A host name for certificate validation when SSL encryption is enabled (Encryption Method=1) and validation is enabled (Validate Server Certificate=1).
Default: None
Specifies the password used to access the individual keys in the keystore file when SSL is enabled (Encryption Method=1) and SSL client authentication is enabled on the database server.
Default: None
The absolute path of the keystore file to be used when SSL is enabled (EncryptionMethod=1) and SSL client authentication is enabled on the database server.
Default: None
The password used to access the keystore file when SSL is enabled (EncryptionMethod=1) and SSL client authentication is enabled on the database server.
Default: None
The absolute path for the OpenSSL library file containing the SSL library to be used by the data source or connection when SSL is enabled. The SSL library contains the implementations of SSL protocols the driver uses for data encryption.
Default: Empty string
The absolute path of the truststore file to be used when SSL is enabled (EncryptionMethod=1) and server authentication is used.
Default: None
Specifies the password that is used to access the truststore file when SSL is enabled (EncryptionMethod=1) and server authentication is used.
Default: None
If enabled, the driver validates the certificate that is sent by the database server. Any certificate from the server must be issued by a trusted CA in the truststore file. If the Host Name In Certificate option is specified, the driver also validates the certificate using a host name. The Host Name In Certificate option provides additional security against man-in-the-middle (MITM) attacks by ensuring that the server the driver is connecting to is the server that was requested.
If disabled, the driver does not validate the certificate that is sent by the database server. The driver ignores any truststore information specified by the Trust Store and Trust Store Password options.
Default: Enabled