Progress DataDirect for ODBC for Oracle Wire Protocol Driver User's Guide Release 8.0.2

Summary of security-related options

  • Last Updated: January 22, 2025

The following table summarizes how security-related connection options work with the drivers. The connection options are listed alphabetically by the GUI name that appears on the driver Setup dialog box. The connection string attribute name is listed immediately after the GUI name in parentheses. See "Connection option descriptions" for details about configuring the options.

Table 1. Summary: Authentication Connection Options
Option Description
Authentication Method (AuthenticationMethod)

Specifies the method the driver uses to authenticate the user to the server when a connection is established.

If set to 1 (Encrypt Password), the driver sends the user ID in clear text and an encrypted password to the server for authentication.

If set to 3 (Client Authentication), the driver uses client authentication when establishing a connection. The database server relies on the client to authenticate the user and does not provide additional authentication.

If set to 4 (Kerberos Authentication), the driver uses Kerberos authentication. This method supports both Windows Active Directory Kerberos and MIT Kerberos environments.

When set to 5 (Kerberos with UID & PWD), the driver uses both Kerberos authentication and user ID and password authentication. The driver first authenticates the user using Kerberos. If a user ID and password are specified, the driver reauthenticates using the user name and password supplied. An error is generated if a user ID and password are not specified.

If set to 6 (NTLM), the driver uses NTLMv1 authentication for Windows clients.

If set to 11 (SSL), the driver uses SSL certificate information to authenticate the client with the server when using Oracle Wallet. The User Name and Password options should not be specified. See "Oracle Wallet SSL Authentication" for additional requirements.

If set to 12 (SSL with UID & Password), the driver uses user ID/password and SSL authentication to connect with the server when using Oracle Wallet. See "Oracle Wallet SSL Authentication" for additional requirements.

If set to 16 (Wallet UID & PWD), the driver authenticates to the server using a user ID and password retrieved from Oracle Wallet. See "Oracle Wallet Password Store" for additional requirements.

If set to 38 (EntraIDAccessToken), the driver authenticates to the server using an Entra ID access token. This setting requires the Entra Access Token option to be specified. If an access token is not specified, the driver throws an exception. All communications with the service are encrypted using TLS/SSL encryption.

Default: 1 (Encrypt Password)

Credentials Wallet Entry (CredentialsWalletEntry)

Specifies the string value used to identify database credential information stored in an Oracle Wallet. When Authentication Method is set to 16 (Wallet UID & PWD), the driver retrieves the user ID and password associated with the specified value from the wallet and uses them to authenticate to the server. This value provides a method for the correct user ID and password to be retrieved when there are multiple pairs in a wallet.

See "Oracle Wallet Password Store" for a complete list of options and settings required for the Oracle Wallet Password Store feature.

Wallet Password (CredentialsWalletPassword)

Specifies the password used to access the Oracle Wallet in which your database credential information is stored. When Authentication Method is set to 16 (Wallet UID & PWD), the driver uses this value to retrieve the database user ID and password that is stored in the wallet file specified by the Credentials Wallet Path option.

See "Oracle Wallet Password Store" for a complete list of options and settings required for the Oracle Wallet Password Store feature.

Credentials Wallet Path (CredentialsWalletPath)

Specifies the fully-qualified path to the Oracle Wallet file in which your database credential information is stored. When Authentication Method is set to 16 (Wallet UID & PWD), the driver retrieves the database user name and password from this file.

See "Oracle Wallet Password Store" for a complete list of options and settings required for the Oracle Wallet Password Store feature.

Entra Access Token (EntraAccessToken)

Specifies the access token required to authenticate to an Oracle instance when using Entra ID access token authentication (AuthenticationMethod=38). Refer to the Oracle documentation for more information on obtaining an access token.

GSS Client Library (GSSClient)

The name of the GSS client library that the driver uses to communicate with the Key Distribution Center (KDC).

Default: native (The driver uses the GSS client shipped with the operating system.)

ImpersonateUser (ImpersonateUser)

Specifies the proxy user ID used for impersonation. The value for Impersonate User determines your identity and permissions when executing queries. When a value is specified for this option, the driver authenticates according to the setting of the Authentication Method option; then, after establishing a connection, the driver attempts to reauthenticate as the destination user. Note that the administrator must grant CONNECT THROUGH permission to the authenticated user in order to impersonate the destination user; otherwise, an error is returned.

Default: None

User Name (LogonID)

The default user ID that is used to connect to your database.

Default: None

Table 2. Summary: Data Encryption Connection Options
Option Description
Crypto Protocol Version (CryptoProtocolVersion)

Specifies the cryptographic protocols to use when TLS/SSL is enabled using the Encryption Method connection option (EncryptionMethod=1).

Default: TLSv1.3,TLSv1.2

CryptoLibName (CryptoLibName)

The absolute path for the OpenSSL library file containing the cryptographic library to be used by the data source or connection when TLS/SSL is enabled. The cryptographic library contains the implementations of cryptographic algorithms the driver uses for data encryption.

Default: Empty string

DataIntegrityLevel (DIL)

Specifies a preference for the data integrity to be used on data sent between the driver and the database server. The connection fails if the database server does not have a compatible integrity algorithm.

If set to 0 (Rejected), a data integrity check on data sent between the driver and the database server is refused. The connection fails if the database server specifies REQUIRED.

If set to 1 (Accepted), a data integrity check can be made on data sent between the driver and the database server. Data integrity is used if the database server requests or requires it.

If set to 2 (Requested), the driver enables a data integrity check on data sent between the driver and the database server if the database server permits it.

If set to 3 (Required), a data integrity check must be performed on data sent between the driver and the database server. The connection fails if the database server specifies REJECTED.

See "Encryption and Data Integrity" for more information.

Default: 1 (Accepted)

DataIntegrityTypes (DIT)

Determines the method the driver uses to protect against attacks that intercept and modify data being transmitted between the client and server. You can enable data integrity protection without enabling encryption.

If multiple values are specified and Oracle Advanced Security data integrity is enabled using the Data Integrity Level option, the database server determines which algorithm is used based on how it is configured.

Default: MD5, SHA1, SHA256, SHA384, SHA512

Enable FIPS

Determines whether the OpenSSL library uses cryptographic algorithms from the FIPS provider or the default provider when TLS/SSL encryption is enabled (Encryption Method=1).

If disabled, the OpenSSL library uses cryptographic algorithms from the default provider.

If enabled, the OpenSSL library uses cryptographic algorithms from the FIPS provider.

Default: Disabled

EncryptionLevel (EL)

Specifies a preference on whether to use encryption on data being sent between the driver and the database server.

If set to 0 (Rejected), or if no match is found between the driver and server encryption types, data sent between the driver and the database server is not encrypted or decrypted. The connection fails if the database server specifies REQUIRED.

If set to 1 (Accepted), encryption is used on data sent between the driver and the database server if the database server requests or requires it.

If set to 2 (Requested), data sent between the driver and the database server is encrypted and decrypted if the database server permits it.

If set to 3 (Required), data sent between the driver and the database server must be encrypted and decrypted. The connection fails if the database server specifies REJECTED.

Default: 1 (Accepted)

Encryption Method (EncryptionMethod)

The method the driver uses to encrypt data sent between the driver and the database server.

If set to 0 (No Encryption), data is not encrypted.

If set to 1 (SSL), data is encrypted using the TLS/SSL protocols specified in the Crypto Protocol Version connection option.

Default: 0 (No Encryption)

EncryptionTypes (ET)

Specifies the encryption algorithms to use if Oracle Advanced Security encryption is enabled using the Encryption Level connection property.

Default: All listed encryption algorithms are selected.

Host Name In Certificate (HostNameInCertificate)

A host name for certificate validation when TLS/SSL encryption is enabled (Encryption Method=1) and validation is enabled (Validate Server Certificate=1).

Default: None

Key Password (KeyPassword)

Specifies the password used to access the individual keys in the keystore file when TLS/SSL is enabled (Encryption Method=1) and TLS/SSL client authentication is enabled on the database server.

Default: None

Key Store (Keystore)

The absolute path of the keystore file to be used when TLS/SSL is enabled (EncryptionMethod=1) and TLS/SSL client authentication is enabled on the database server.

Default: None

Key Store Password (KeystorePassword)

The password used to access the keystore file when TLS/SSL is enabled (EncryptionMethod=1) and TLS/SSL client authentication is enabled on the database server.

Default: None

SSLLibName (SSLLibName)

The absolute path for the OpenSSL library file containing the TLS/SSL library to be used by the data source or connection when TLS/SSL is enabled. The library contains the implementations of TLS/SSL protocols the driver uses for data encryption.

Default: Empty string

Trust Store (Truststore)

The absolute path of the truststore file to be used when TLS/SSL is enabled (EncryptionMethod=1) and server authentication is used.

Default: None

Trust Store Password (TruststorePassword)

Specifies the password that is used to access the truststore file when TLS/SSL is enabled (EncryptionMethod=1) and server authentication is used.

Default: None

Validate Server Certificate (ValidateServerCertificate)

If enabled, the driver validates the certificate that is sent by the database server. Any certificate from the server must be issued by a trusted CA in the truststore file. If the Host Name In Certificate option is specified, the driver also validates the certificate using a host name. The Host Name In Certificate option provides additional security against man-in-the-middle (MITM) attacks by ensuring that the server the driver is connecting to is the server that was requested.

If disabled, the driver does not validate the certificate that is sent by the database server. The driver ignores any truststore information specified by the Trust Store and Trust Store Password options.

Default: Enabled
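
An added example, not part of the Progress documentation: a small Python audit that reads a connection string, applies the defaults listed in the two tables above to any option left unset, and reports settings that leave encryption, integrity or server authentication unenforced. The finding names, the policy sets and the sample connection strings are constructed for illustration; treating any explicit ValidateServerCertificate value other than 1 as disabled, and skipping the EL/DIL/DIT checks when TLS is on, are assumptions of this sketch.

```python
import re

# Example policy for this sketch (an assumption, not vendor guidance).
STRONG_PROTOCOLS = {"TLSv1.3", "TLSv1.2"}  # the documented default set
WEAK_DIGESTS = {"MD5", "SHA1"}             # both appear in the documented DIT default
DIT_DEFAULT = "MD5, SHA1, SHA256, SHA384, SHA512"

def parse_conn_str(conn_str):
    """Parse 'Key=value;Key={va;lue}' into a dict keyed by lower-cased name."""
    pairs = re.findall(r"\s*([^=;]+?)\s*=\s*(\{[^}]*\}|[^;]*)", conn_str)
    return {k.lower(): v.strip().strip("{}") for k, v in pairs}

def audit(conn_str):
    """Return finding codes, applying the documented defaults for unset options."""
    opts = parse_conn_str(conn_str)

    def get(name, default):
        return opts.get(name.lower(), default)

    findings = []
    tls = get("EncryptionMethod", "0") == "1"      # default 0 (No Encryption)
    auth = get("AuthenticationMethod", "1")        # default 1 (Encrypt Password)
    if auth == "6":
        findings.append("NTLMV1_AUTH")
    elif auth == "3":
        findings.append("SERVER_TRUSTS_CLIENT_AUTH")
    if tls:
        # Assumption: any explicit value other than 1 means validation is off.
        if get("ValidateServerCertificate", "1") != "1":
            findings.append("SERVER_CERT_NOT_VALIDATED")
        elif not get("HostNameInCertificate", ""):
            findings.append("NO_HOSTNAME_CHECK")
        protos = get("CryptoProtocolVersion", "TLSv1.3,TLSv1.2").split(",")
        if {p.strip() for p in protos} - STRONG_PROTOCOLS:
            findings.append("LEGACY_PROTOCOL_ALLOWED")
    else:
        # Assumption: without TLS, protection rests on the EL/DIL/DIT options.
        if get("EL", "1") != "3":                  # default 1 (Accepted)
            findings.append("ENCRYPTION_NOT_REQUIRED")
        dil = get("DIL", "1")                      # default 1 (Accepted)
        if dil != "3":
            findings.append("INTEGRITY_NOT_REQUIRED")
        digests = {d.strip().upper() for d in get("DIT", DIT_DEFAULT).split(",")}
        if dil != "0" and digests & WEAK_DIGESTS:
            findings.append("WEAK_DIGEST_ALLOWED")
    return findings

# Constructed sample connection strings (not taken from the documentation).
SAMPLES = {
    "defaults": "DSN=constructed_dsn",
    "weak_tls": "DSN=constructed_dsn;AuthenticationMethod=6;EncryptionMethod=1;"
                "ValidateServerCertificate=0;CryptoProtocolVersion=TLSv1.1,TLSv1.2",
    "tls_hardened": "DSN=constructed_dsn;EncryptionMethod=1;ValidateServerCertificate=1;"
                    "HostNameInCertificate=db.example.test;CryptoProtocolVersion=TLSv1.3",
    "oas_hardened": "DSN=constructed_dsn;EL=3;DIL=3;DIT=SHA256,SHA512",
}

if __name__ == "__main__":
    for name, conn in SAMPLES.items():
        print(f"{name}: {audit(conn) or 'no findings'}")
```

A connection string that sets none of these options is reported on three counts, because the documented defaults accept but do not require encryption and integrity, and the default Data Integrity Types list includes MD5 and SHA1.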

Related Links
  • Connection option descriptions
  • Oracle Wallet SSL Authentication
  • Oracle Wallet Password Store