Security between the Oracle Database and the adapter

The Oracle Database adapter provides no support for helping to secure communication between it and the Oracle database. You must provide a security mechanism to help ensure appropriate levels of authorization, authentication, data privacy, and data integrity for data exchanges between the adapter and the Oracle database.

One possible mechanism for helping to provide more security across the network is Internet Protocol Security (IPsec). IPsec is a framework of open standards for protecting communications over Internet Protocol (IP) networks. For more information about IPsec and about using IPsec with Microsoft products, see the Microsoft TechNet article "IPsec" at https://go.microsoft.com/fwlink/?LinkId=196851.

However, in the absence of security mechanisms like IPsec, the administrator must configure native Oracle data encryption and integrity to ensure secure data exchanges between the adapter client and the Oracle database. For detailed information about configuring native Oracle data encryption and integrity, see https://go.microsoft.com/fwlink/p/?LinkId=140032.

You must supply user name password credentials to the Oracle Database adapter. The Oracle Database adapter uses these credentials to authenticate the user on the Oracle database when it opens a connection. These credentials provide a level of authorization on the Oracle database for the connection.

Note

The credentials used by the Oracle Database adapter to establish a connection on the Oracle database do not provide message-level or transport-level authentication or authorization for data traveling across the network. They are only used to open a connection and authenticate the user on the Oracle database.

The Oracle Database adapter provides a number of methods through which you can supply these credentials. For information about how to more securely provide Oracle credentials in BizTalk solutions, see Security with the Oracle Database adapter and Biztalk Server. For information about how to more securely provide Oracle database credentials in programming solutions, see Secure programming with the Oracle Database adapter.

Managing Audit Logs

Audit logs enable you to store information about the actions performed by various clients on your enterprise software, and helps usage monitoring and problem tracking. However, the Oracle Database adapter does not provide any way to manage audit logs for the actions performed by the adapter clients on the Oracle database. This might pose a security threat as the adapter clients can repudiate the actions performed by them on the Oracle database. To mitigate this issue, you must enable audit trail in Oracle to log the actions performed by the adapter clients on the Oracle database.

See Also

Secure your Oracle Database applications Best Practices