Oracle (Data Direct - Service Name)

Configure an Oracle datasource with DataDirect connection on your Guardium® system.

Supported Authentication Methods

| Authentication | Supported |
|----------------|-----------|
| Local user     | Yes       |
| LDAP           | Yes       |
| Kerberos       | No        |
| SSL            | Yes       |
| Mutual SSL     | Yes       |

Parameters

Field Description
Host Name/IP Required. The hostname or IP address of the datasource.
Port number Required. Default value: 1521
Service name The service name of the database.
Schema The name of the database schema.
Connection property Properties that must be included in the JDBC URL to establish a JDBC connection with the datasource. The required format is property1=value;property2=value, where each property and value pair is separated by a semicolon.
For examples, refer to the database vendor's JDBC documentation.

The Oracle JDBC driver does not require a connection property, but the latest Oracle JDBC driver must be downloaded from Oracle. The filename is ojdbc7.jar. Search for and download the open source JDBC drivers, for example by using the search query "open source JDBC driver for Oracle". Then upload the driver to the appliance by using the Guardium Customer Uploads function.

If you continue to use the Oracle DataDirect driver, then you must specify a connection property to the datasource.

  • Use the following definitions for the Oracle DataDirect driver connection property: DataIntegrityLevel=required;EncryptionLevel=required;DataIntegrityTypes=(MD5,SHA1)
  • If you use CRYPTO_CHECKSUM_TYPES in your sqlnet.ora, use the following examples:
    • oracle.net.encryption_client=rc4_256;oracle.net.crypto_checksum_types_client=MD5
    • oracle.net.encryption_client=aes256;oracle.net.crypto_checksum_types_client=MD5
    • oracle.net.encryption_client=rc4_256;oracle.net.crypto_checksum_types_client=SHA1
  • To authenticate to Oracle LDAP, which is also known as OID, use the LDAP server host or IP, the LDAP server port, the Oracle instance name and the realm. Enter the custom URL jdbc:guardium:oracle:@ldap://wi3ku2x32t4:389/on0maver;cn=OracleContext;dc=vguardium;dc=com
  • The Oracle default user sys is the owner of the database instance and has superuser privileges, similar to root on Unix. The SYSDBA role has the administrative privileges that are required to perform many high-level administrative operations, such as starting and stopping the database, backup, and recovery. The SYSDBA role can also be granted to other users. The phrase "sys as SYSDBA" refers to the connection method that is required to connect as the sys user.
  • To monitor values for Oracle 10 open source driver, enter the connection property: internal_logon=sysdba
  • To use the SYSDBA role, enter the connection property SysLoginRole=sysdba
  • To initiate an SSL datasource connection with server signed or mutual authentication, enter the connection property: EncryptionMethod=SSL.
For an Oracle encrypted connection, define the connection property as: oracle.net.encryption_client=REQUIRED;oracle.net.encryption_types_client=RC4_40.
Note: A datasource that is defined to use 3DES168 encryption throws an ORA-17401 protocol error or ORA-17002 checksum error when it encounters any SQL error. To fix this error, close and reopen the connection.

If the connection is unsuccessful because the HostNameInCertificate does not match, enter this string as the connection property using the certificate name provided in the error message: EncryptionMethod=SSL;HostNameInCertificate=certificate name.

Custom URL The connection string to the datasource. When the custom URL is not provided, the datasource connection is made by using properties such as the hostname and port number.
  • When you specify a Custom URL field with the Oracle Open Source format, specify jdbc:guardium:oracle://;SID=<SID>.
  • When you create a datasource for an Oracle database with Oracle Advanced Security enabled, specify EncryptionLevel=required in the Custom URL field of the datasource definition.
To initiate an SSL datasource connection using the Oracle JDBC driver, set up the connection URL using one of the examples below. Refer to the Oracle JDBC connection syntax.

Example:

jdbc:oracle:thin:@(description= (address=(protocol=tcps)(port=1522)(host=adwc.uscom-west-1.oraclecloud.com))(connect_data=(service_name=VOVO0MKSEWWJ3PSJ_ISVDRIVERSDB_medium.dwcs.oracle.com))(security=(ssl_server_cert_dn="CN=adwc-dev.uscom-east-1.oraclecloud.com,OU=Testing Domain,O=End Point,L=Redwood Shores,ST=California,C=US")))
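The connection property strings shown above select the encryption and checksum algorithms for the session, so they are worth reviewing before a datasource is saved. The following check is an added example, not part of Guardium or of the original page: it parses the property1=value;property2=value format and reports weak algorithms and protection levels other than required. The weak-algorithm list and the names parse_properties and audit are assumptions of this example.

```python
import re

# Assumption of this example, not a Guardium or Oracle list: algorithm name
# prefixes treated as weak (RC4, DES/3DES, MD5, SHA-1).
WEAK_PREFIXES = ("RC4", "DES", "3DES", "MD5", "SHA1")
CRYPTO_KEY_HINTS = ("encryption", "integrity", "checksum")
LEVEL_KEYS = ("encryptionlevel", "dataintegritylevel")

def parse_properties(prop_string):
    """Parse 'property1=value;property2=value' into a dict (keys lower-cased)."""
    props = {}
    for pair in prop_string.split(";"):
        if not pair.strip():
            continue  # tolerate a trailing or doubled semicolon
        key, sep, value = pair.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"malformed property pair: {pair!r}")
        props[key.strip().lower()] = value.strip()
    return props

def audit(prop_string):
    """Return (property, issue) tuples for weak or downgradable settings."""
    findings = []
    for key, value in parse_properties(prop_string).items():
        if key in LEVEL_KEYS and value.lower() != "required":
            findings.append((key, f"level '{value}' allows an unprotected session"))
        if any(hint in key for hint in CRYPTO_KEY_HINTS):
            # Values may be a single name or a list such as (MD5,SHA1).
            for token in re.findall(r"[A-Za-z0-9_]+", value):
                if token.upper().startswith(WEAK_PREFIXES):
                    findings.append((key, f"weak algorithm {token}"))
    return findings

if __name__ == "__main__":
    samples = [
        # Strings taken from this page
        "DataIntegrityLevel=required;EncryptionLevel=required;DataIntegrityTypes=(MD5,SHA1)",
        "oracle.net.encryption_client=REQUIRED;oracle.net.encryption_types_client=RC4_40",
        "EncryptionMethod=SSL",
        # Constructed sample: a level that permits fallback
        "EncryptionLevel=accepted;DataIntegrityLevel=required",
    ]
    for s in samples:
        print(s)
        for key, issue in audit(s) or [("-", "no findings")]:
            print(f"    {key}: {issue}")
```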

CAS (Configuration Auditing System) database instance

If you are a CAS user, configure the CAS database instance.

| Field     | Description                    |
|-----------|--------------------------------|
| Account   | The Oracle installation user.  |
| Directory | The directory of $ORACLE_HOME. |