Skip to Content
avatar image
Former Member

Communication channel between application systems (ERP/SAP) and database

Hi,

We have an audit finding that Communication channel between application systems (ERP/SAP) and database are not encrypted.

1. Is it a standard practice to have an encripted channel.

2. If so, how can we achieve the channel encription.

3. If not how can we justify to the auditors that we are not keeping encription channel between database and application.

Regards,

Suhail Qadri

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Best Answer
    Apr 05, 2011 at 11:26 AM

    > 1. Is it a standard practice to have an encripted channel.

    This depends on your requirements, some industries require encryption, others not.

    > 2. If so, how can we achieve the channel encription.

    Check Note 973450 - Oracle Advanced Security: Network encryption

    > 3. If not how can we justify to the auditors that we are not keeping encription channel between database and application.

    >

    Has someone physical access to the network? Is it a separated (isolated) network?

    Markus

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Hi!

      We have used the note Markus mention, and encryption works fine for us.

      Remember to set required for encryption and choose an alogorythm that are valid for all of your systems.

      If You are using rman catalog in another database, remember to activate/install ASO on client side here too.

      Regards

      Audun

      DBA

      who likes encrypted communications 😊