Tuesday, April 28, 2009

SSL Overview in Apps

Today I am going to cover overview of SSL & various components of oracle Apps in which you can configure SSL.

What is SSL ?
SSL stands for Secure Socket Layer which is protocol developed by Netscape. Data Transferred between Server & Client is Secured (Encrypted)

Why I need a SSL in Oracle Applications ?
Usually data transmitted between client machine & server (Web Server on http protocol & Forms Server on Sockets ) is clear text packets. Any one can put Packet Sniffer between Client machine & Server & can open & read all data transaction between your machine & Server (If he/she has network access) Hacker can get your Username/Password or any sensitive data. This become critical when you have Internet access to Oracle Applications 11i (Usually Self Service Implementation)

Where I need to configure SSL in Apps ?
Communication between Client & Oracle Applications happen via three components.
--Oracle Web Server (Initial Connection & all self service access is via Web Server/Apache). If your Form Server is in servlet Mode then Core Applications are also accessed via Web Server (Jserv Component)
--Oracle Form Server : For Core Oracle Application Access (Forms)
--Database : You access web server which in turn talks to database Server via UTL_HTTP package via dad (/pls/$SID)

So You enable SSL on particular component depending on your requirement & component which is accessible over Internet & should be secured. You can Implement across all three component or only one or any two.

What is common deployment for Internet Facing Oracle Applications ?
Though you can configure SSL for Web, Forms & database for extra Security but Usually most prone & Internet facing component is Web Server (For Self Service Applications) so common trend is to Enable SSL between Client Machine & Web Server (Apache) in Oracle Applications.

What will happen w.r.t. Data communication after enabling SSL ?
By default you access Applications over HTTP (Hyper Text Transfer Protocol) but after enabling SSL on web server you will access via HTTPS (Secure) . Data will be encrypted at one end & decrypted at other end.

More on
How Data Encryption Happens ....
Is there any performance overheads ....
What is openssl & oracle Wallets ...
How to configure SSL in Oracle Apps 11i ...
and lot more on SSL coming in Next Post

No comments:

Post a Comment