Home » RDBMS Server » Security » SSL, WebAPPs and database (Oracle 10g R2, 10.2.0.4.0, Solaris)
SSL, WebAPPs and database [message #478998] Thu, 14 October 2010 02:19 Go to next message
reym21
Messages: 241
Registered: February 2010
Location: Philippines
Senior Member

May I know your advise on how to secure this database:

We have an Website where the URL configuration is HTTP only not HTTPS. Our clients will access (via login/password) this by submitting/uploading data from Excel files. These files were directly written/ saved in the database for processing.

Do we need to procure an SSL certificate to secure the website in order to secure also said database?

Thanks in advance.




Re: SSL, WebAPPs and database [message #479003 is a reply to message #478998] Thu, 14 October 2010 03:13 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Your question and environment is not clear. Is it 2-tiers or 3-tiers?

If 3-tiers; client <-> application server <-> database

1/ Secure application server access using HTTPS
2/ Secure database access by using a firewall

(Here I assume that "secure" means "secure from external access and hacking of network")

In particular, the following sentence is not clear:
Quote:
Our clients will access (via login/password) this by submitting/uploading data from Excel files. These files were directly written/ saved in the database for processing.

Clients use Excel files to access to the database and these files are stored inside the database?

Regards
Michel
Re: SSL, WebAPPs and database [message #479005 is a reply to message #479003] Thu, 14 October 2010 03:22 Go to previous messageGo to next message
reym21
Messages: 241
Registered: February 2010
Location: Philippines
Senior Member

Thanks for this.

Yes, it's a 3-tier setup.


Re: SSL, WebAPPs and database [message #479172 is a reply to message #479005] Thu, 14 October 2010 22:16 Go to previous message
BlackSwan
Messages: 26766
Registered: January 2009
Location: SoCal
Senior Member
>Do we need to procure an SSL certificate to secure the website in order to secure also said database?
In some/many/most cases SSL (https) occurs between client Browser & Web Server; & never gets close to DB Server.

>These files were directly written/ saved in the database for processing.
I doubt the data goes "directly" from Excel & into the DB

user<=>browser<=>WebServer<=>ApplicationServer<=>DatabaseServer
What data protection mechanisms are in place on WebServer & ApplicationServer?

Previous Topic: Encrypt 9i database link
Next Topic: Logminer and password change
Goto Forum:
  


Current Time: Fri Mar 29 09:06:20 CDT 2024