JDBC Client Encryption Type Setup - encryption

I'm trying to force my client application to connect to an encrypted Oracle 11g server using AES256 instead of RC4_256. We have been notified that the RC4_256 encryption type will be disabled "soon".
We are using the latest 11g drivers with c3p0 as our connection pool. Below is the bean config.
<bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource" destroy-method="close">
<property name="driverClass" value="oracle.jdbc.OracleDriver"/>
<property name="jdbcUrl" value="${jdbc.url}"/>
<!-- other pool properties -->
<property name="properties">
<props>
<prop key="user">${jdbc.username}</prop>
<prop key="password">${jdbc.password}</prop>
<!-- this is one set of many I've tried -->
<prop key="oracle.net.encryption_client">REQUIRED</prop>
<prop key="oracle.net.encryption_types_client">( AES256 )</prop>
</props>
</property>
</bean>
I've tried many permutations using oracle.net.encryption_types_client, and oracle.net.encryption_client, CONNECTION_PROPERTY_THIN_NET_ENCRYPTION_LEVEL, CONNECTION_PROPERTY_THIN_NET_ENCRYPTION_TYPES. I've named them as is in the Oracle docs, as Java properties, etc.
I haven't been able to get it to connect using anything but RC4_256.
I'm using the following query on the database server to see how my client is connecting. The Network_Service_Banner from the v$session_connect_info table shows how it's connecting. Here is the current message I'm getting:
Oracle Advanced Security: RC4_256 encryption service adapter for
Solaris: Version 11.2.0.3.0 - Prod
select s.username,s.machine,s.program,S.LOGON_TIME,s1.*
from v$session s, v$session_connect_info s1
where s.sid = s1.sid and s.username in ('MYAPP') and s.machine = 'MY-PC'
order by S.LOGON_TIME DESC, s.sid
Any help would be appreciated as I'm wrapped around the axle at this point.

I will take a shot at this, since I too have been reading on this subject in recent days. It appears that we need to make changes to the SQLNET.ora files on the server and/or the client to make this work.
Refer to this link, where there is an illustration of how to use AES to connect to the database. Specifically, take a look at Example 9-3 Setting Data Encryption and Integrity Parameters. Above this example are the settings that need to be made in the sqlnet.ora files to enable AES encryption. These are quoted below from the link:
SQLNET.ENCRYPTION_SERVER = ACCEPTED
SQLNET.CRYPTO_CHECKSUM_SERVER = ACCEPTED
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER= (MD5, SHA1)
SQLNET.ENCRYPTION_TYPES_SERVER= (AES256, AES192, AES128)
SQLNET.CRYPTO_SEED = 2z0hslkdharUJCFtkwbjOLbgwsj7vkqt3bGoUylihnvkhgkdsbdskkKGhdk
Quoting from this link:
For both data encryption and integrity algorithms, the server selects
the first algorithm listed in its sqlnet.ora file that matches an
algorithm listed in the client sqlnet.ora file, or in the client
installed list if the client lists no algorithms in its sqlnet.ora
file. If there are no entries in the server sqlnet.ora file, the
server sequentially searches its installed list to match an item on
the client side—either in the client sqlnet.ora file or in the client
installed list. If no match can be made and one side of the connection
REQUIRED the algorithm type (data encryption or integrity), the
connection fails. Otherwise, the connection succeeds with the
algorithm type inactive.
If you read through the page mentioned above and refer to Table A-6 SQLNET.ENCRYPTION_TYPES_SERVER Parameter Attributes under section A.2.1.5 SQLNET.ENCRYPTION_TYPES_SERVER Parameter, we see that the first encryption algorithm to be matched by the server is RC4_256, which in your case may be matching the client end of the installed encryption algorithms, and that is the reason the connection may succeed. However, when you specify another algorithm such as AES256, this algorithm may not be negotiable by the client and server, resulting in a connection failure.
The page listed above details the necessary settings for enabling data integrity and encryption.
Hope this gives you a step towards the solution.
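The selection rule quoted above can be worked through in code. The following is an added example, not code from the answer or from Oracle; it models only the rule as quoted (server order wins, a side's installed list is used when its sqlnet.ora lists nothing, and a REQUIRED side with no match fails the connection). The installed-list ordering and the algorithm names are constructed for the illustration, with RC4_256 placed first as the answer describes.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

/** Toy model of the sqlnet.ora algorithm selection rule quoted above; not Oracle's implementation. */
public class SqlnetNegotiation {

    /**
     * Returns the negotiated algorithm, or null when the connection proceeds with the service inactive.
     * Throws when no algorithm is common to both sides and either side REQUIRED the service.
     */
    static String negotiate(List<String> serverConfigured, List<String> serverInstalled,
                            List<String> clientConfigured, List<String> clientInstalled,
                            boolean serverRequired, boolean clientRequired) {
        // An empty sqlnet.ora list means "use everything installed, in installed order".
        List<String> serverList = serverConfigured.isEmpty() ? serverInstalled : serverConfigured;
        List<String> clientList = clientConfigured.isEmpty() ? clientInstalled : clientConfigured;
        // The server walks its own list and takes the first entry the client also offers.
        for (String alg : serverList) {
            if (clientList.contains(alg)) {
                return alg;
            }
        }
        if (serverRequired || clientRequired) {
            throw new IllegalStateException("no common algorithm and one side REQUIRED the service");
        }
        return null; // connection succeeds with encryption inactive
    }

    public static void main(String[] args) {
        // Constructed installed list (same on both sides here), RC4_256 first as in the answer.
        List<String> installed = Arrays.asList("RC4_256", "RC4_128", "AES256", "AES192", "AES128", "3DES168");

        // 1. Neither side lists algorithms: the first installed entry, RC4_256, is chosen.
        System.out.println(negotiate(Collections.emptyList(), installed,
                                     Collections.emptyList(), installed, false, false));

        // 2. Client sqlnet.ora / JDBC property lists only AES256: the server reaches AES256 in its own list.
        System.out.println(negotiate(Collections.emptyList(), installed,
                                     Arrays.asList("AES256"), installed, false, true));

        // 3. Server restricted to AES, client REQUIRED RC4_256 only: no match, connection fails.
        try {
            negotiate(Arrays.asList("AES256", "AES192", "AES128"), installed,
                      Arrays.asList("RC4_256"), installed, false, true);
        } catch (IllegalStateException e) {
            System.out.println("failed: " + e.getMessage());
        }
    }
}
```

Case 1 is the situation in the question: a client that lists nothing ends up on whatever the server's list starts with. Case 2 shows that restricting the client list on its own is enough, provided the requested type is still in the server's list.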

It turns out that the c3p0 configuration is really straightforward.
<bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource" destroy-method="close">
<property name="driverClass" value="oracle.jdbc.OracleDriver"/>
<property name="jdbcUrl" value="${jdbc.url}"/>
<!-- other pool properties -->
<property name="properties">
<props>
<prop key="user">${jdbc.username}</prop>
<prop key="password">${jdbc.password}</prop>
<prop key="oracle.net.encryption_client">REQUIRED</prop>
<prop key="oracle.net.encryption_types_client">(AES256)</prop>
<prop key="oracle.net.crypto_checksum_client">REQUIRED</prop>
<prop key="oracle.net.crypto_checksum_types_client">(SHA1)</prop>
</props>
</property>
</bean>
It wasn't working in our case because we had two different versions of the JDBC drivers in the classpath and the older one was getting loaded first.
After removing the old jdbc jar, it switched to AES256 as the config dictated.
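To verify the outcome end to end, the following added example (not code from the question, the answer, c3p0 or Oracle) opens a thin-driver connection with the same four properties as the c3p0 block above, prints which jar the driver class was actually loaded from (the classpath problem described in the answer), and reads back this session's own Network_Service_Banner rows. It assumes a hypothetical host db.example.internal with service ORCL, a password in the DB_PASSWORD environment variable, an ojdbc jar on the classpath, and SELECT access to v$session_connect_info for the connecting user.

```java
import java.security.CodeSource;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

/** Connects with AES256 encryption and SHA1 integrity REQUIRED, then checks what the server negotiated. */
public class OracleNetEncryptionCheck {

    /** Same property names as the c3p0 "properties" block; c3p0 hands them straight to the driver. */
    static Properties encryptionProperties(String user, String password) {
        Properties p = new Properties();
        p.setProperty("user", user);
        p.setProperty("password", password);
        p.setProperty("oracle.net.encryption_client", "REQUIRED");
        p.setProperty("oracle.net.encryption_types_client", "(AES256)");
        p.setProperty("oracle.net.crypto_checksum_client", "REQUIRED");
        p.setProperty("oracle.net.crypto_checksum_types_client", "(SHA1)");
        return p;
    }

    /** The jar the driver class really came from; with two driver jars on the classpath this is the one that wins. */
    static String driverLocation() throws ClassNotFoundException {
        CodeSource src = Class.forName("oracle.jdbc.OracleDriver").getProtectionDomain().getCodeSource();
        return src == null ? "<unknown>" : src.getLocation().toString();
    }

    /** Network service banners for the current session only (needs SELECT on v$session_connect_info). */
    static List<String> sessionBanners(Connection conn) throws SQLException {
        String sql = "select network_service_banner from v$session_connect_info"
                   + " where sid = sys_context('USERENV', 'SID')";
        List<String> banners = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(sql); ResultSet rs = ps.executeQuery()) {
            while (rs.next()) {
                banners.add(rs.getString(1));
            }
        }
        return banners;
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical connection details; the password is read from the environment, not hard-coded.
        String url = "jdbc:oracle:thin:@//db.example.internal:1521/ORCL";
        String password = System.getenv("DB_PASSWORD");
        if (password == null) {
            throw new IllegalStateException("set DB_PASSWORD before running");
        }

        System.out.println("OracleDriver loaded from: " + driverLocation());
        try (Connection conn = DriverManager.getConnection(url, encryptionProperties("MYAPP", password))) {
            System.out.println("Driver version: " + conn.getMetaData().getDriverVersion());
            List<String> banners = sessionBanners(conn);
            banners.forEach(b -> System.out.println("  " + b));
            // The banners follow the shape shown in the question ("...: RC4_256 encryption service adapter for ...").
            boolean aes256 = banners.stream().anyMatch(b -> b != null && b.contains("AES256"));
            boolean sha1 = banners.stream().anyMatch(b -> b != null && b.contains("SHA1"));
            if (!aes256 || !sha1) {
                throw new IllegalStateException("session did not negotiate AES256 encryption and SHA1 integrity");
            }
            System.out.println("Session negotiated AES256 encryption and SHA1 integrity.");
        }
    }
}
```

With encryption_client set to REQUIRED and only AES256 listed, the driver should refuse to connect at all rather than silently fall back to RC4_256; the banner check is there to catch the case the answer describes, where an older driver jar that ignores the properties is loaded first.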

Understanding the GATT protocol in BLE

I have recently started to learn developing a microcontroller-based device which will have a BLE module. The device is supposed to send analog readings fetched from a sensor to an Android application that I am going to develop.
From what I have studied about the way GATT works:
The microcontroller-based device will be the GATT server.
The Android application will be the GATT client.
Seen from the communication point of view, the microcontroller-based device is the Slave and the Android application is the Master.
Questions:
1. How do I decide the number of attributes that I need to define in order to receive a command from the GATT Client and send the response (which is going to be a float value)? Do I need to have two distinct attributes: one for Android to send commands and one for the microcontroller-based device to send data to Android? Or can I use a single attribute?
2. GATT appears to be an event-driven system.
2.1: What events will be generated when Android sends a command to the microcontroller-based device (Client to Server)?
2.2: Will an event be generated when data is written on the attribute which is going to be read by the Android application (Server to Client)?
3. The Android application (GATT Client) should use read/write commands to communicate with the microcontroller-based device (GATT Server), and the GATT Server should use Notify/Indicate to pass the data to the GATT Client. Is my understanding correct?
I am using this BlueGiga BLE112 Module for development.
The gatt.xml file that I so far have written is:
<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
<!-- 1800: org.bluetooth.service.generic_access -->
<service uuid="1800" id="generic_access">
<description>Generic Access</description>
<!-- 2A00: org.bluetooth.characteristic.gap.device_name -->
<characteristic uuid="2A00" id="c_device_name">
<description>Device Name</description>
<properties read="true" const="true" />
<value>MyBLEDev</value>
</characteristic>
<!-- 2A01: org.bluetooth.characteristic.gap.appearance -->
<characteristic uuid="2A01" id="c_appearance">
<description>Appearance</description>
<properties read="true" const="true" />
<value type="hex">0300</value>
</characteristic>
</service>
<!-- custom service -->
<service uuid="624e957f-cb42-4cd6-bacc-84aeb898f69b" advertise="true">
<description>Custom Device Service</description>
<!-- custom write-only characteristic for Client to send commands to fetch reading -->
<characteristic uuid="a57892fe-4f58-97d4-a5245-78a4125d3e6" id="c_cmd_TxReading">
<description>Request for Reading</description>
<properties write="true" />
<value length="4" />
</characteristic>
<characteristic uuid="8fde302a-56ac-b289-65ed-a577ed66b89c" id="c_reading">
<description>Measurement</description>
<properties read="true" write="true" />
<value length="4" type="float32" />
</characteristic>
</service>
</configuration>
I see a GATT server like a chunk of memory on another machine. You can request particular chunks by handles and get different information. You can make the other machine do different things or respond in different ways by writing values to those handles. The difference from memory space is that each handle can contain different sizes of information as well as each having a UUID that identifies how to interpret the data you find in there. In a regular memory space each "handle" would be an address, each chunk would be a single byte, and there's no way to figure out how to interpret that data without some other information.
So... questions:
Like most questions on here, the answer is "it depends". If you just want to fetch the value, you just have a single attribute with the data in there that the client can fetch from. If you'd also like to set it up so the GATT server sends notifications whenever that value changes then you'd also have to add a Client Characteristic Configuration handle to that attribute. (Ex. I have one accelerometer that has 3 attributes for the X, Y, and Z values and another device that reports all 3 values as a single attribute. Because this is a type of value that hasn't been standardized they can do this by defining their own custom UUID. If you're measuring something that already has a standard layout then you should probably use that instead)
GATT has some event driven aspects and other aspects that are done serially. For instance, you can only be negotiating one connection request at a time. However, you can be getting notifications in any order from any number of attributes at any time.
You can't really define your own commands with GATT. You're restricted to things like "read from handle" or "write to handle" similar to manipulating a chunk of memory. The underlying implementation can be dependent on the hardware, but usually you can trigger some sort of event when a handle is manipulated.
You can request events by subscribing to notifications or indications on a particular attribute.
Yes, that's correct.
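The "chunk of memory addressed by handles" picture in the answer can be made concrete with a small in-memory model. The following is an added example written for this page, not code from the answer, from BlueGiga or from any BLE stack: it keeps an attribute table keyed by handle, enforces the per-attribute read/write permissions, fires a server-side hook when the command handle is written, and pushes a notification for the reading only after the client has set the notification bit in the Client Characteristic Configuration descriptor (UUID 0x2902). The two characteristics mirror the gatt.xml in the question, except that the reading is modelled as read-only so the client cannot overwrite sensor data; the command UUID is a placeholder and the 21.5 sample is constructed.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import java.util.function.Consumer;

/** Hypothetical in-memory model of a GATT server's attribute table; not a real BLE stack. */
public class GattTableModel {
    static final int CCCD_NOTIFY_BIT = 0x0001; // bit the client sets in the 0x2902 descriptor to enable notifications

    static final class Attribute {
        final String uuid;
        final boolean readable, writable;
        byte[] value;
        Attribute(String uuid, byte[] value, boolean readable, boolean writable) {
            this.uuid = uuid; this.value = value; this.readable = readable; this.writable = writable;
        }
    }

    private final Map<Integer, Attribute> table = new TreeMap<>();               // handle -> attribute, like an address space
    private final Map<Integer, Consumer<byte[]>> writeHooks = new HashMap<>();   // server-side "event" when a handle is written
    final List<String> notificationsSent = new ArrayList<>();                    // what the client would receive
    private int nextHandle = 1;

    int add(String uuid, byte[] initial, boolean readable, boolean writable) {
        int handle = nextHandle++;
        table.put(handle, new Attribute(uuid, initial, readable, writable));
        return handle;
    }

    /** Client Characteristic Configuration descriptor: a 2-byte little-endian bit field the client writes to subscribe. */
    int addCccd() { return add("2902", new byte[] {0, 0}, true, true); }

    void onWrite(int handle, Consumer<byte[]> hook) { writeHooks.put(handle, hook); }

    byte[] read(int handle) {
        Attribute a = table.get(handle);
        if (a == null || !a.readable) throw new IllegalStateException("read not permitted on handle " + handle);
        return a.value.clone();
    }

    void write(int handle, byte[] data) {
        Attribute a = table.get(handle);
        if (a == null || !a.writable) throw new IllegalStateException("write not permitted on handle " + handle);
        if (data.length != a.value.length) throw new IllegalArgumentException("invalid value length for handle " + handle);
        a.value = data.clone();
        Consumer<byte[]> hook = writeHooks.get(handle);
        if (hook != null) hook.accept(a.value); // the write is the event the server reacts to
    }

    /** Server updates a value; a notification goes out only if the client enabled it via the CCCD. */
    void updateAndNotify(int valueHandle, int cccdHandle, byte[] newValue) {
        table.get(valueHandle).value = newValue.clone();
        byte[] cccd = table.get(cccdHandle).value;
        int flags = (cccd[0] & 0xff) | ((cccd[1] & 0xff) << 8);
        if ((flags & CCCD_NOTIFY_BIT) != 0) {
            notificationsSent.add("handle " + valueHandle + " -> " + Arrays.toString(newValue));
        }
    }

    static byte[] floatLE(float f) {
        return ByteBuffer.allocate(4).order(ByteOrder.LITTLE_ENDIAN).putFloat(f).array();
    }

    public static void main(String[] args) {
        GattTableModel server = new GattTableModel();
        int cmdHandle = server.add("command-uuid-placeholder", new byte[4], false, true); // write-only command
        int readingHandle = server.add("8fde302a-56ac-b289-65ed-a577ed66b89c", new byte[4], true, false); // float32 reading
        int cccdHandle = server.addCccd();

        // Server-side event: a command of 0x01 takes a (constructed) sensor sample and publishes it.
        server.onWrite(cmdHandle, cmd -> {
            if (cmd[0] == 0x01) server.updateAndNotify(readingHandle, cccdHandle, floatLE(21.5f));
        });

        server.write(cmdHandle, new byte[] {1, 0, 0, 0});                    // client commands before subscribing
        System.out.println("notifications so far: " + server.notificationsSent.size());
        server.write(cccdHandle, new byte[] {1, 0});                         // client subscribes to notifications
        server.write(cmdHandle, new byte[] {1, 0, 0, 0});                    // command again: now the value is pushed
        System.out.println("notifications so far: " + server.notificationsSent);
        float reading = ByteBuffer.wrap(server.read(readingHandle)).order(ByteOrder.LITTLE_ENDIAN).getFloat();
        System.out.println("reading read by client: " + reading);
        try { server.write(readingHandle, new byte[4]); } catch (IllegalStateException e) { System.out.println(e.getMessage()); }
        try { server.read(cmdHandle); } catch (IllegalStateException e) { System.out.println(e.getMessage()); }
    }
}
```

The first command updates the value but nothing reaches the client, because the CCCD is still zero; after the client writes 0x0001 to the descriptor the same command produces a notification. The two rejected operations at the end show why the permissions declared on each characteristic matter: the server, not the client, decides which handles may be read or written.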

Azure Biztalk Services time out issue when processing a large CSV file

I have a simple azure biztalk services project.
It has a FTP source that reads a .CSV file and writes to an on-premise sqlserver database table.
I successfully deployed it, and it works quite well for small .CSV files (around 800 rows). But when I have a large file (around 6500 rows; actually, this is also a very small file in my opinion), it fails with the following error. Below this error, you will see my configuration for the SQL Server Adapter Service.
<?xml version="1.0" encoding="utf-16"?>
<s:Fault xmlns:s="http://www.w3.org/2003/05/soap-envelope">
<s:Code>
<s:Value>s:Receiver</s:Value>
<s:Subcode>
<s:Value>s:SendError</s:Value>
</s:Subcode>
</s:Code>
<s:Reason>
<s:Text xml:lang="en-US">The operation with action "TableOp/Insert/dbo/tblVMSData"
took longer than the specified timeout "00:01:00".</s:Text>
</s:Reason>
</s:Fault>
My on-premise SQL Server adapter service has the following configuration.
<basicHttpRelayBinding>
<binding name="basicHttpRelayBinding1"
closeTimeout="00:20:00"
openTimeout="00:20:00"
receiveTimeout="00:20:00"
sendTimeout="00:20:00"
maxBufferPoolSize="1048576"
maxBufferSize="67108864"
maxReceivedMessageSize="67108864">
<readerQuotas maxDepth="2147483647"
maxStringContentLength="2147483647"
maxArrayLength="2147483647"
maxBytesPerRead="67108864"
maxNameTableCharCount="2147483647" />
<security mode="Transport" />
</binding>
</basicHttpRelayBinding>
You might have to make the timeout value on the server side larger too! So if you have a look in your BizTalk Services project, look for your SQL endpoint configuration file (under your itinerary in Solution Explorer) and edit the WCF configuration values there too.
Does that work?
I finally found the configuration options for the timeout. They are not in any config file. They are not even in the biztalk services project.
You have to right-click your SQL Target, under LOB Types under BizTalk Adapter Services, and select Properties. In the properties, click on the Binding Configuration. It opens up Advanced Adapter Configuration. There are four timeouts: "Open Timeout", "Receive Timeout", "Send Timeout" and "Close Timeout".
What is strange is that these timeouts also appear in the config file that is automatically generated when you drag and drop the SQL Target onto your MessageFlowItinerary. But changing them in the config file seems not to be enough in my case.
Also, when you open the IIS Management Console, you can change the client configuration for timeouts by clicking on the Configure option under "Manage WCF and WF Services". If you do not see "Manage WCF and WF Services", you haven't installed the Windows Server App Fabric SDK. Download and install it.
Microsoft should really make it easy to find and change the configuration for both server and client from a single simple page. It is really frustrating to click through different things to find the options. It should simply work out of the box. On the one hand they give flexibility by providing configuration options, and on the other hand they rob it by hiding the configuration options under different rocks.

How to check whether the OpenLDAP server is provider or consumer without doing a write on it?

1) Is there any monitoring or supervision attribute in the OpenLDAP server which can tell if the running OpenLDAP server is a provider or consumer, without doing any operations on the server like ldapmodify?
2) Is there any option to modify the syncrepl config online? If yes, then how?
The answer to both is to use the 'online configuration' mode whereby the configuration is held inside the directory. Then you can both look up for (1) and modify for (2).
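As an added example (not part of the answer and not OpenLDAP project code), the following reads the online configuration over LDAP with plain JNDI and classifies each database: an olcSyncrepl attribute on an olcDatabase entry means the database pulls changes as a consumer, a syncprov overlay entry (objectClass olcSyncProvConfig) directly beneath it means it serves changes as a provider, and olcMirrorMode: TRUE marks a multi-master setup. It assumes a hypothetical host ldap.example.internal reachable over ldaps, a bind identity with read access to cn=config (cn=admin,cn=config here) and its password in the LDAP_CONFIG_PW environment variable; it performs read operations only.

```java
import java.util.Hashtable;
import java.util.Map;
import java.util.TreeMap;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/** Reads cn=config and reports, per database, whether it is configured as a syncrepl provider, consumer, or both. */
public class SyncreplRoleCheck {

    static final class Role {
        String suffix;
        boolean provider, consumer, mirror;
        @Override public String toString() {
            String kind = provider && consumer ? "provider+consumer" : provider ? "provider" : consumer ? "consumer" : "standalone";
            return "suffix=" + (suffix == null ? "<none>" : suffix) + " role=" + kind + (mirror ? " (mirror mode)" : "");
        }
    }

    static Map<String, Role> readRoles(DirContext ctx) throws Exception {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] {"objectClass", "olcSuffix", "olcSyncrepl", "olcMirrorMode"});
        NamingEnumeration<SearchResult> results = ctx.search("cn=config",
                "(|(objectClass=olcDatabaseConfig)(objectClass=olcSyncProvConfig))", sc);
        Map<String, Role> roles = new TreeMap<>();
        while (results.hasMore()) {
            SearchResult r = results.next();
            String dn = r.getNameInNamespace();
            Attribute oc = r.getAttributes().get("objectClass");
            if (oc != null && oc.contains("olcSyncProvConfig")) {
                // The syncprov overlay sits one level under the database it serves, so strip the first RDN.
                roles.computeIfAbsent(dn.substring(dn.indexOf(',') + 1), k -> new Role()).provider = true;
            } else {
                Role role = roles.computeIfAbsent(dn, k -> new Role());
                Attribute suffix = r.getAttributes().get("olcSuffix");
                if (suffix != null) role.suffix = (String) suffix.get();
                role.consumer = r.getAttributes().get("olcSyncrepl") != null; // olcSyncrepl present: pulls from a provider
                Attribute mm = r.getAttributes().get("olcMirrorMode");
                role.mirror = mm != null && "TRUE".equalsIgnoreCase((String) mm.get());
            }
        }
        return roles;
    }

    public static void main(String[] args) throws Exception {
        String password = System.getenv("LDAP_CONFIG_PW");
        if (password == null) throw new IllegalStateException("set LDAP_CONFIG_PW before running");
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://ldap.example.internal:636"); // hypothetical host
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=admin,cn=config");         // assumed identity with read access to cn=config
        env.put(Context.SECURITY_CREDENTIALS, password);
        DirContext ctx = new InitialDirContext(env);
        try {
            readRoles(ctx).forEach((dn, role) -> System.out.println(dn + ": " + role));
        } finally {
            ctx.close();
        }
    }
}
```

The frontend and config pseudo-databases also match objectClass olcDatabaseConfig and are listed without a suffix. Because the same cn=config entries are what the server reads at runtime, the answer's second point follows: changing olcSyncrepl on the database entry (a modify against cn=config rather than an edit of slapd.conf) takes effect without a restart, which is why cn=config is the place to both inspect and adjust replication.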

how to submit bulk data to Weblogs ping server

I am working on a news website and I want to publish new news and news updates to weblogs using a RESTful call (WebLogs.com API #7).
As the time between calls may not be less than 30 mins, I want to push bulk updates using an RSS aggregator.
I found the following document
http://getaconnect.com/rss/category/queued/
in the following format, where there may be multiple items:
<Channel>
<item>
</item>
<item>
</item>
</Channel>
Example HTTP GET request to weblog ping server:
http://rpc.weblogs.com/pingSiteForm?name=InfraBlog&url=http%3A%2F%2TestRss.com
My question is: if I ping and provide an RSS file, then after 30 mins should I update the same file with new contents, or do I have to provide a separate file?
Another question is, if I would like to update the text/location of already submitted news, how can I do it?
Last question: is there any suitable API for RSS generation in Java?
Create RSS data and submit it to the weblog ping server.
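For the last question, the JDK's own DOM and Transformer classes are enough to produce a channel with several items, with no extra library. The following is an added example (not from the question, not an official weblogs.com client): it builds the feed as a DOM tree rather than by string concatenation, so headlines containing <, & or quotes are escaped automatically instead of breaking the XML, gives every item a stable guid so a reader can recognise a corrected story as the same item on the next fetch, and assembles the pingSiteForm URL from the question with properly encoded parameters. The site, URLs and stories are constructed sample data; Java 11 or later is assumed.

```java
import java.io.StringWriter;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/** Builds an RSS 2.0 channel with several items using only the JDK, and forms the weblogs.com ping URL. */
public class RssFeedBuilder {

    static final class Item {
        final String title, link, guid, description;
        Item(String title, String link, String guid, String description) {
            this.title = title; this.link = link; this.guid = guid; this.description = description;
        }
    }

    static String buildRss(String siteTitle, String siteLink, String siteDescription, List<Item> items) throws Exception {
        Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
        Element rss = doc.createElement("rss");
        rss.setAttribute("version", "2.0");
        doc.appendChild(rss);
        Element channel = doc.createElement("channel");
        rss.appendChild(channel);
        text(doc, channel, "title", siteTitle);
        text(doc, channel, "link", siteLink);
        text(doc, channel, "description", siteDescription);
        for (Item it : items) {
            Element item = doc.createElement("item");
            channel.appendChild(item);
            text(doc, item, "title", it.title);
            text(doc, item, "link", it.link);
            // A stable guid identifies the story across feed refreshes; isPermaLink=false says it is not itself a URL.
            text(doc, item, "guid", it.guid).setAttribute("isPermaLink", "false");
            text(doc, item, "description", it.description);
        }
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.INDENT, "yes");
        StringWriter out = new StringWriter();
        t.transform(new DOMSource(doc), new StreamResult(out));
        return out.toString();
    }

    /** Appends a text element; createTextNode escapes markup characters in the value on serialisation. */
    private static Element text(Document doc, Element parent, String name, String value) {
        Element e = doc.createElement(name);
        e.appendChild(doc.createTextNode(value));
        parent.appendChild(e);
        return e;
    }

    /** The GET form from the question, with both parameters URL-encoded. */
    static String pingUrl(String siteName, String feedUrl) {
        return "http://rpc.weblogs.com/pingSiteForm?name=" + URLEncoder.encode(siteName, StandardCharsets.UTF_8)
             + "&url=" + URLEncoder.encode(feedUrl, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample stories; the first title deliberately contains characters that must be escaped.
        List<Item> items = List.of(
            new Item("Budget vote <live updates> & reactions", "https://news.example/story/1", "news.example:story:1", "Rolling coverage"),
            new Item("Second story", "https://news.example/story/2", "news.example:story:2", "Summary of the second story"));
        System.out.println(buildRss("Example News", "https://news.example/", "Constructed sample feed", items));
        System.out.println(pingUrl("Example News", "https://news.example/feed.rss"));
    }
}
```

Serving the generated document at one fixed feed URL and regenerating it with the newest items each cycle keeps the ping parameters constant, and an updated story is republished as the same guid with new content.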

LCDS / Spring integration for Assemblers

I have a Flex / Spring / LCDS project, and I'm trying to use the Spring/Flex integration module.
It works fine for exposing simple destinations & messaging end-points, however I'm unsure how to configure to use Assemblers.
The vanilla, no-Spring-integration-way involves declaring a destination such as:
<destination id="book.service">
<properties>
<source>flex.data.assemblers.HibernateAnnotationsAssembler</source>
<item-class>com.library.Book</item-class>
</properties>
</destination>
However, when I try to integrate this approach with Spring, I come unstuck.
This destination needs an adapter. Running as-is, allowing the Spring/Flex integration to install the default remoting adapter doesn't work, as I get the following error at runtime:
Caused by: flex.messaging.config.ConfigurationException: Destination 'book.service' must specify at least one adapter.
How do I connect this destination to the adapter?
Also, will the HibernateAnnotationsAssembler detect and integrate with the Spring-managed Hibernate sessions, or does this require additional config as well?
From what I know, Spring is fully integrated only with BlazeDS; you cannot expose Spring beans (assemblers) as destinations.
