[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] oracle web site / database security

Subject: [cobalt-security] oracle web site / database security
From: "Kevin D" <kdlists@xxxxxxxxxxxxxxx>
Date: Thu, 12 Apr 2001 12:31:34 -0400
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

(cross-posted)

My oracle database runs on a compaq NT box with a high speed internet
connection. Right now the database is firewalled, but I would like to be
able to access this database from a remote web server (outside the LAN, in a
colo facility). My solution would be a web site that will pull records from
Oracle to display on the web. The web site will be accessed on a
subscription (pay) basis, using usernames and passwords.

How can I handle security? Would adjusting the firewall to only let my web
server's IP access the oracle port be good enough? Should I be worried about
encryption (for oracle un & pw) ? DoS attacks on the oracle database are
obviously a concern, as this is a mission-critical app.

I have a separate database (MySQL) on the public web server. Would it be a
better idea to somehow replicate two separate databases nightly? Any ideas
on how to accomplish this replication (ie without having to recopy the
entire database every night)?

Thanks for the advice!
Kevin

Follow-Ups:
- Re: [cobalt-security] oracle web site / database security
  - From: Jens Kristian Søgaard

Prev by Date: Re: [cobalt-security] POP before SMTP
Next by Date: [cobalt-security] IPChains question
Previous by thread: [cobalt-security] some problems with pine were fixed with a new pine version
Next by thread: Re: [cobalt-security] oracle web site / database security

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index