Re: [ACFUG Discuss] Oracle sqlnet.allowed_logon_version issue with CF 9

[Steve Ross]

Have not worked on a govt project using oracle but, you could try the
oracle thin driver.

On Wed, Dec 14, 2011 at 1:08 PM, Mike Staver  wrote:

> Working on a DoD project, we have to follow some specific security
> protocols within our apps and DBs. There is a STIG requirement for a
> specific setting. The setting in question is sqlnet.allowed_logon_version,
> and it needs to be set to 10 or 11 as a value.
>
> http://docs.oracle.com/cd/B28359_01/network.111/b28317/sqlnet.htm
>
> The description of that setting is:
>
> "Use the SQLNET.ALLOWED_LOGON_VERSION parameter to define the minimum
> Oracle Database client version that is allowed to attempt connections to
> Oracle database instances under the control of the given code tree.
>
> If the client version does not meet or exceed the version defined by this
> parameter, then authentication fails with an ORA-28040 error."
>
> I'm using the enterprise version of CF 9 with built in Oracle JDBC
> connections. So, I'm not using the Oracle client software. The DoD can be
> stubborn at times and not fully understand how required security settings
> will break certain applications. I feel like this is one of those times. I
> won't be able to convince them of their mistake, so I will need to work
> with them here :) One possible solution would be to stop using the native
> JDBC Oracle connection in CF and use a standard ODBC datasource that uses
> the Oracle client... but I don't really like that solution.
>
> I'm curious if anyone else has worked on a government project with this
> required setting and what they did about it.
>
> Thanks for your time.
>
>
> -
> To unsubscribe from this list, manage your profile @
> http://www.acfug.org?fa=login.edituserform
>
> For more info, see http://www.acfug.org/mailinglists
> Archive @ http://www.mail-archive.com/discussion%40acfug.org/
> List hosted by http://www.fusionlink.com
> -
>
>
>
>


-- 
Steve Ross
web application & interface developer
http://blog.stevensross.com
[mobile] (912) 344-8113
[ AIM / Yahoo! : zeriumsteven ] [googleTalk : nowhiding ]

[ACFUG Discuss] Oracle sqlnet.allowed_logon_version issue with CF 9

[Mike Staver]

Working on a DoD project, we have to follow some specific security
protocols within our apps and DBs. There is a STIG requirement for a
specific setting. The setting in question is sqlnet.allowed_logon_version,
and it needs to be set to 10 or 11 as a value.

http://docs.oracle.com/cd/B28359_01/network.111/b28317/sqlnet.htm

The description of that setting is:

"Use the SQLNET.ALLOWED_LOGON_VERSION parameter to define the minimum
Oracle Database client version that is allowed to attempt connections to
Oracle database instances under the control of the given code tree.

If the client version does not meet or exceed the version defined by this
parameter, then authentication fails with an ORA-28040 error."

I'm using the enterprise version of CF 9 with built in Oracle JDBC
connections. So, I'm not using the Oracle client software. The DoD can be
stubborn at times and not fully understand how required security settings
will break certain applications. I feel like this is one of those times. I
won't be able to convince them of their mistake, so I will need to work
with them here :) One possible solution would be to stop using the native
JDBC Oracle connection in CF and use a standard ODBC datasource that uses
the Oracle client... but I don't really like that solution.

I'm curious if anyone else has worked on a government project with this
required setting and what they did about it.

Thanks for your time.


-
To unsubscribe from this list, manage your profile @ 
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-