Security for OSM Database
- Last UpdatedSep 05, 2024
- 1 minute read
Database security
Topics about securing the OSM Database.
Configuration of TCP/IP with SSL and TLS for Database Connections
We recommend encrypting the database connection by configuring TCP/IP with SSL and TLS for database connections.
This can be configured using different encryption modes and can also include adding a certificate, communication on port 2484, and other specific setup based on the network and Oracle version being used.
Please refer to Oracle documentation for more information.
Oracle Database Vault
It is possible to set up and use the Oracle database vault, which has security controls that can restrict access to application data to privileged database users, reducing the risk of insider and and outside threats.
Please refer to Oracle documentation for more information.
Transparent Data Encryption (TDE)
Transparent data encryption enables you to encrypt data that is stored in tables and tablespaces where only authorized users will be able to retrieve the data that is decrypted.
Database performance can be affected by this, so we recommended doing some specific testing in the customer environment to see how this will affect your project performance.
Please refer to Oracle documentation for more information.
Enable Oracle native encryption
This recommendation is only for Oracle Server on the DB server itself.
To enable Oracle native encryption
-
Inside Oracle server open sqlnet.ora file, add below lines. This will force all clients to use encryption.
SQLNET.ENCRYPTION_SERVER=REQUIRED
SQLNET.ENCRYPTION_TYPES_SERVER=(AES256)