Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Re: The history of a -probably- 13 years old Oracle bug: TNS Poison
Apr 26 2012 12:35PM
laurenz albe wien gv at
I wanted to comment on the workarounds for this problem:
1) Setting SQLNET.ENCRYPTION_SERVER=REQUIRED on the server is not enough to protect you.
To avoid "man in the middle" attacks, you need to have an SSL certificate on
the server and SSL_SERVER_DN_MATCH=TRUE in the client's sqlnet.ora.
[ more ]
Copyright 2010, SecurityFocus