| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: Oracle Office of Strategic Influence
6. incompetent developers 7. incompetent DBAs 8. incompetent sys admins 9. incompetent management decisions. 10. all of the above. <g>
Your point is well made and well taken.
Still no one has volunteered when the last time was that they actually tested one of their backup tapes to see if it actually would work. I wonder ....? <g>
Dan Morgan
Niall Litchfield wrote:
> But software breaks in a number of ways. being hacked is only one. as far as
> i know posessing the 9i db doesn't protect you from
>
> 1. malicious authorised users
> 2. incompetent authorised users
> 3. insecure applications.
> 4. insecure operating systems
> 5. terrorism.
>
> etc etc.
>
> In addition according to oracle if we are to do anything sensible with the
> db the naturally we'll be using the app server anyway. All of oracles
> 'unbreakable' marketing reminds me of nothing so much as the C2 status of
> NT4. the worlds first secure network os - provided you didn't attach it to a
> network.
>
> It does matter ( to me anyway) because the making of ludicrous claims that
> just can't be substantiated doesn't make me think ill of the marketing
> people. it makes me think ill of the company. An old marketing law is that
> people buy from people. If someone tells me their product will never crash
> and has no flaws then bottom line is I won't trust them further than my
> daughter can throw them. If they can demonstrate that security reliability
> scalability and support are there then i'll be much happier.
>
> P.S. Of course it doesn't help that I've been hit by a 'unbreakable'
> database that died because a file became the wrong size. a flaw that appears
> cross versions and cross platforms.
>
> P.P.S. And of course i agree hat the original post was a troll - but hey it
> suckered me.
>
> --
> Niall Litchfield
> Oracle DBA
> Audit Commission UK
> "damorgan" <damorgan_at_exesolutions.com> wrote in message
> news:3C961199.F98E21AC_at_exesolutions.com...
> > That I understood. And anyone that doesn't know that advertising is fluff
> needs
> > to stay away from the television. But the security issues I have seen
> (there
> > are likely some I have not seen) are not with the database; they are with
> the
> > app server.
> >
> > The easiest way to break into any software is still to look at the post-it
> note
> > in the desk drawer. <g>
> >
> > Daniel Morgan
> >
> >
> >
> > Niall Litchfield wrote:
> >
> > > His point is that no software is 'unbreakable'. He is absolutely
> correct.
> > > The reality doesn't live up to the marketing. On the other hand who
> cares.
> > > No reality ever does. The informix page at IBM states that informix
> offers
> > > continuous availability. I have yet to see a product that could possibly
> > > justify this. Even the ms marketing machine ony claims 5 nines <g>.
> > >
> > > --
> > > Niall Litchfield
> > > Oracle DBA
> > > Audit Commission UK
> > > *****************************************
> > > Please include version and platform
> > > and SQL where applicable
> > > It makes life easier and increases the
> > > likelihood of a good answer
> > >
> > > ******************************************
> > > "damorgan" <damorgan_at_exesolutions.com> wrote in message
> > > news:3C926E8B.7F20347D_at_exesolutions.com...
> > > > The Oracle database is not the Oracle Application Server.
> > > >
> > > > With that in mind ... do you have a point?
> > > >
> > > > Daniel Morgan
> > > >
> > > >
> > > >
> > > > Steven Hauser wrote:
> > > >
> > > > > The "Big Lie" is effective again.
> > > > > Here is a Google "Sponsored Link Ad" (a 10,000 dollar account)
> > > > > for the search term "Informix"
> > > > >
> > > > > >Informix - Is your database safe? Make it safe.
> > > > > >www.oracle.com Oracle9i Database. Unbreakable. Can't break it.
> Can't
> > > break in.
> > > > > >Sponsored Link
> > > > >
> > > > > No software is unbreakable no matter who says it, even ORACLE!
> (gasp)
> > > > > Now the CERT (late) warnings:
> > > > >
> > > > > >CERT Advisory CA-2002-08 Multiple vulnerabilities in Oracle Servers
> > > > > >
> > > > > > Original release date: March 14, 2002
> > > > > > Last revised: --
> > > > > > Source: CERT/CC
> > > > > >
> > > > > > A complete revision history can be found at the end of this
> file.
> > > > > >
> > > > > >Systems Affected
> > > > > >
> > > > > > * Systems running Oracle8i Database
> > > > > > * Systems running Oracle9i Database
> > > > > > * Systems running Oracle9i Application Server
> > > > > >
> > > > > >Overview
> > > > > >
> > > > > > Multiple vulnerabilities in Oracle Application Server have
> > > recently
> > > > > > been discovered. These vulnerabilities include buffer
> > > overflows,
> > > > > > insecure default settings, failures to enforce access
> controls,
> > > and
> > > > > > failure to validate input. The impacts of these
> > > vulnerabilities
> > > > > > include the execution of arbitrary commands or code,
> denial
> > > of
> > > > > > service, and unauthorized access to sensitive information.
> > > > > >
> > > >
> >
Received on Mon Mar 18 2002 - 17:27:17 CST
 |
 |