Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Securing isqlplus

Re: Securing isqlplus

From: Daniel Morgan <damorgan_at_exxesolutions.com>
Date: Mon, 19 May 2003 23:46:28 -0700
Message-ID: <3EC9CF44.D684FF03@exxesolutions.com> 





Alison Holloway wrote:



> > I can not come up with a single reason why the Oracle installation must provide a temporary

> > certificate. Provide what is necessary to permanently secure the connection or buy yourself a flack

> > jacket.

>

> Oracle is not a CA, and therefore cannot issue certificates. Oracle can, however, issue

> temporary certificates that aren't 'certified' to the user/company/server. These can be

> used for testing, but a real certificate is need for production servers. There are

> professional CA companies that you should contact to buy a certificate.

>

> Alison




I understand what you have written but it is no substitute in the real-world.



One of the major complaints about DB2 is that it is not secure without purchasing an additional product:
For example Tivoli. What is being duplicated here appears to be an analogous situation. I spend hundred
of thousands or millions of dollars to purchase a product from Oracle and then have to go negotiate with
someone else to purchase what I need to provide a secure environment. I hope I am misunderstanding but it
appears that way from here. And if that is the case it is a marketing disaster waiting to happen.



Oracle should go to a professional CA company and purchase what is required and then bundle it into the
database or, given Oracle's assets, purchase the company itself. Anything less and you've surrendered a
substantial piece of market-share to Bill Gates.



Expect substantial negative feedback in Redwood Shores beginning tomorrow morning unless my understanding
is incorrect.



Thanks for stepping up to the plate and telling us what is happening. But it is important to remember
that you are the one that stuck a knife into SQLPLUSW not us. You, as Oracle, made that decision. If your
decision results in us having to purchase an additional product at additional expense you can expect a
lot of very unhappy customers and that some of us will vigorously express our displeasure.



I will look for your email off-line and here when I awake.

--
Daniel Morgan
http://www.outreach.washington.edu/extinfo/certprog/oad/oad_crs.asp
damorgan_at_x.washington.edu
(replace 'x' with a 'u' to reply)


Received on Tue May 20 2003 - 01:46:28 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US