Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: Toad vs TOra vs ? (remote vs beq)

From: Paul Drake <discgolfdba_at_yahoo.com>
Date: Sun, 15 Aug 2004 23:03:59 -0700 (PDT)
Message-ID: <20040816060359.30176.qmail@web20422.mail.yahoo.com>

> We run Linux servers but I have Mac OS X on my desk. We currently do not have any ports open for the listener; all Oracle access originates from the server it's running on, and for security reasons I'd like to keep it that way if possible. So is it at all practical to install one or more tools on the server and run them locally via X11, or is that slower than the proverbial molasses? I'm sharing a full T1 with one other person so bandwidth isn't an issue (we run a home office out in the boonies and this was the only practical means of getting broadband out here).
>
> Oh, in case it matters we are still running Oracle 8.1.7.4 (yes, I know I need to upgrade :).
>
> Thanks in advance for any advice,
>
> janine

So you're asserting that running an Oracle TNS Listener to accept remote incoming connections is less secure than having users log on to the Oracle server console and run GUI apps remotely via X11.

Interesting.

I will agree with you that running an 8.1.7.4 listener may not be a good idea, security-wise. Multiple vulnerabilities in the TNS Listener in 8.1.7.4 existed. The most simple solution (IMHO), for the time period when no fixes were available, was to install the 9.2 binaries, patch, and use a 9.2.x listener for all databases on the host. In other words, upgrade the listener, even if you wait a couple more months to upgrade the database (perhaps you are going to skip 9.2 entirely and test against 10.1 instead).

As far as running remote X sessions being more secure than Oracle fat client connections - might you be running VNC over an unencrypted channel (passwords sent in clear text)? X is not without security issues of its own.

Multiple posters have listed references to running a remote Oracle fat client session tunneled through ssh. I don't believe that would be less secure than running the session locally on the server. It removes the X client from the code path. It will be faster than using X.

I do have a database for which there is no listener accepting connections over TCP. That may make sense, depending upon the nature of the data stored in the database and what networks the data is going to traverse. All incoming connections on that box (that are accepted) are over SSL or ssh.

I'll make an obligatory reference to the Oracle Advanced Networking Option, which can be coupled with a third-party biometric solution for identification. The docs might be worth a quick look for you.

Not running a TNS Listener and denying Oracle fat client connections makes me wonder if you have lots of windows open with screens in place at ground level, while the front door has been welded shut.

Might you be using telnet to connect to the Oracle Server (as the oracle account, even)?

Pd



Please see the official ORACLE-L FAQ: http://www.orafaq.com

Received on Mon Aug 16 2004 - 00:59:37 CDT
