Security tab
- Last Updated: January 22, 2025
- 1 minute read
- DataDirect Connectors
- ODBC
- Oracle Database Wire Protocol 8.0
- Documentation
The Security tab allows you to specify your security settings. The fields are optional unless otherwise noted. On this tab, provide values for the options in the following table; then, click Apply.
See "Using security" for a general description of authentication and encryption and their configuration requirements.
| Connection Options: Security | Description |
|---|---|
| User Name | The default user ID that is used to
connect to your database. Your ODBC application may override this value or you may
override it in the logon dialog box or connection string. Default: None |
| Impersonate User | Specifies the proxy user ID used for impersonation. The value
for Impersonate User determines your identity and permissions when executing queries.
When a value is specified for this option, the driver authenticates according to the
setting of the Authentication Method option; then, after establishing a connection,
the driver attempts to reauthenticate as the destination user. Note that the
administrator must grant CONNECT THROUGH permission to the authenticated user in order
to impersonate the destination user; otherwise, an error is returned. Default: None |
| Authentication Method | Specifies the method the driver uses to authenticate the user to
the server when a connection is established. If set to 1 - Encrypt Password, the driver sends the user ID in clear text and an encrypted password to the server for authentication. If set to 3 - Client Authentication, the driver uses client authentication when establishing a connection. The database server relies on the client to authenticate the user and does not provide additional authentication. If set to 4 - Kerberos Authentication, the driver uses Kerberos authentication. This method supports both Windows Active Directory Kerberos and MIT Kerberos environments. When set to 5 - Kerberos with UID & PWD, the driver uses both Kerberos authentication and user ID and password authentication. The driver first authenticates the user using Kerberos. If a user ID and password are specified, the driver reauthenticates using the user name and password supplied. An error is generated if a user ID and password are not specified. If set to 6 - NTLM, the driver uses NTLMv1 authentication for Windows clients. If set to 11 - SSL, the driver uses SSL certificate information to authenticate the client with the server when using Oracle Wallet. The User Name and Password options should not be specified. See "Oracle Wallet SSL Authentication" for additional requirements. If set to 12 - SSL with UID & Password, the driver uses user ID/password and SSL authentication to connect with the server when using Oracle Wallet. See "Oracle Wallet SSL Authentication" for additional requirements. If set to 16 - Wallet UID & PWD, the driver authenticates to the server using a user ID and password retrieved from Oracle Wallet. See "Oracle Wallet Password Store" for additional requirements. If set to 38 - EntraIDAccessToken, the driver authenticates to the server using an Entra ID access token. This setting requires the Entra Access Token option to be specified. If an access token is not specified, the driver throws an exception. All communications with the service are encrypted using TLS/SSL encryption. Default: 1 - Encrypt Password |
| GSS Client Library | The name of the GSS client library that the driver uses to communicate with the
Key Distribution Center (KDC). Default: native |
| Credentials Wallet Path | Specifies the fully-qualified path to the Oracle Wallet file in
which your database credential information is stored. When Authentication Method is
set to 16 - Wallet UID & PWD, the driver
retrieves the database user name and password from this file. See "Oracle Wallet Password Store" for a complete list of options and settings required for the Oracle Wallet Password Store feature. |
| Credentials Wallet Entry |
Specifies the string value used to identify database credential information stored in an Oracle Wallet. When Authentication Method is set to 16 - Wallet UID & PWD, the driver retrieves the user ID and password associated with the specified value from the wallet and uses them to authenticate to the server. This value provides a method for the correct user ID and password to be retrieved when there are multiple pairs in a wallet. See "Oracle Wallet Password Store" for a complete list of options and settings required for the Oracle Wallet Password Store feature. |
| Encryption Method | The method the driver uses to encrypt
data sent between the driver and the database server. If set to 0 - No Encryption, data is not encrypted. If set to 1 - SSL Auto, data is encrypted using the TLS/SSL protocols specified in the Crypto Protocol Version connection option. Default: 0 - No Encryption |
| Crypto Protocol Version | Specifies the cryptographic protocols to
use when TLS/SSL is enabled, where the highest version supported by the server is
used. If none of the specified protocols are supported by the database server, the
connection fails and the driver returns an error. Default: TLSv1.3,TLSv1.2 |
| Validate Server Certificate | If enabled, the driver validates the certificate that is sent by
the database server. Any certificate from the server must be issued by a trusted CA in
the truststore file. If the Host Name In Certificate option is specified, the driver
also validates the certificate using a host name. The Host Name In Certificate option
provides additional security against man-in-the-middle (MITM) attacks by ensuring that
the server the driver is connecting to is the server that was requested. If disabled, the driver does not validate the certificate that is sent by the database server. The driver ignores any truststore information specified by the Trust Store and Trust Store Password options. Default: Enabled |
| Enable FIPS | Determines whether the OpenSSL library uses cryptographic algorithms from the
FIPS provider or the default provider when TLS/SSL encryption is enabled
(Encryption Method=1).If disabled, the OpenSSL library uses cryptographic algorithms from the default provider. If enabled, the OpenSSL library uses cryptographic algorithms from the FIPS provider. Default: Disabled |
| Trust Store |
Specifies either the path and file name of the truststore file or
the contents of the TLS/SSL certificates to be used when SSL is enabled ( Default: None |
| Trust Store Password | Specifies the password that is used to access the truststore
file when TLS/SSL is enabled (EncryptionMethod=1) and server authentication is used. Default: None |
| Key Store | The absolute path of the keystore file to
be used when TLS/SSL is enabled (EncryptionMethod=1) and TLS/SSL client authentication is enabled on the
database server. Default: None |
| Key Store Password | The password used to access the keystore file when TLS/SSL is
enabled (EncryptionMethod=1) and TLS/SSL
client authentication is enabled on the database server. Default: None |
| Key Password | The password used to access the
individual keys in the keystore file when TLS/SSL is enabled (Encryption Method=1) and TLS/SSL client authentication
is enabled on the database server. Keys stored in a keystore can be individually
password-protected. To extract the key from the keystore, the driver must have the
password of the key. Default: None |
| Host Name In Certificate | A host name for certificate validation
when TLS/SSL encryption is enabled (EncryptionMethod=1) and validation is enabled (Validate Server
Certificate=1). Default: None |
If you finished configuring your driver, proceed to Step 6 in "Data source configuration through a GUI." Optionally, you can further configure your driver by clicking on the following tabs. The following sections provide details on the fields specific to each configuration tab:
- General tab allows you to configure options that are required for creating a data source.
- Advanced tab allows you to configure advanced behavior.
- Performance tab allows you to specify performance data source settings.
- Failover tab allows you to specify failover data source settings.
- Pooling tab allows you to specify connection pooling settings.
- Bulk tab allows you to specify data source settings for DataDirect Bulk Load.
- Client Monitoring allows you to specify additional data source settings.
- Advanced Security tab allows you to specify settings for Oracle Advanced Security (OAS).
- Proxy tab allows you to specify settings for connecting through an HTTP proxy.