[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] oracle web site / database security
- Subject: Re: [cobalt-security] oracle web site / database security
- From: Jens Kristian Søgaard <jens@xxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 13 Apr 2001 01:38:53 +0200
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Kevin,
> My oracle database runs on a compaq NT box with a high speed internet
> connection. Right now the database is firewalled, but I would like to be
> able to access this database from a remote web server (outside the LAN, in
a
> colo facility). My solution would be a web site that will pull records
from
> Oracle to display on the web. The web site will be accessed on a
> How can I handle security? Would adjusting the firewall to only let my web
> server's IP access the oracle port be good enough? Should I be worried
about
That will ofcourse depend on your security needs.
If you choose to do authentication based purely on the source ip-address,
you'll need to worry about spoofing attacks. It would be better to use both
the source ip-address and a password on the database.
Probably the best method would be to use an encrypted SSH tunnel using RSA
authentication. It should be quite easy to setup such a tunnel from one port
on the remote server to the Oracle server on the NT box.
--
Jens Kristian Søgaard, Mermaid Consulting I/S,
jens@xxxxxxxxxxxxxxxxxxxx,
http://www.mermaidconsulting.com/