| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> Re: Oracle Security Blasted
How many here responded, in your house, wrt this thread? Why/why not?
Oracle's security approach forces admins to rely on the firewall as the last line of defense; as if apps should be allowed to be wholey, as if this is somebody elses problem.
Let me just say, I hate the fact that my firewall is the last line of defense. When it gets breached (not if), I'll want the app to be secure and that will be a dba problem. So, why should dba types not ping their management to request Oracle Corp to get real? An ounce of prevention...
Oracle Corp activity seems reminiscent of the old Steve Martin Watergate routine, "What Nixon really needed was a banjo." If you remember that you have me sympathy.
On Fri, Oct 07, 2005 at 09:40:36AM -0700, MacGregor, Ian A. wrote:
> Our security officer sent me this.
>
> Title: David Litchfield writes an open letter to the security community
> and Oracle customers
> Author: Pete Finnigan
> Source: Pete Finnigan's Oracle security weblog
>
> Excerpt:
>
> David is calling for Oracle customers to contact Oracle and demand a
> better security service and those customers should demand fixes. Cesars
> comments mirror those of David with some comparisons to Microsoft a few
> years ago and he also threatens to release a 0day remote exploit.
>
> For complete article see:
> http://www.petefinnigan.com/weblog/archives/00000576.htm
> http://www.securityfocus.com/archive/1/412666/30/0/threaded
> http://www.argeniss.com/products.html
>
> Ian MacGregor
> Stanford Linear Accelerator Center
> --
> http://www.freelists.org/webpage/oracle-l
-- http://www.freelists.org/webpage/oracle-lReceived on Mon Oct 10 2005 - 11:05:22 CDT
 |
 |