Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: Make a database accessible over the internet

From: Joel Garry <joel-garry_at_home.com>
Date: 13 Sep 2004 13:25:25 -0700
Message-ID: <91884734.0409131225.3b1daaf4@posting.google.com>


Marcus Ilgner <Marcus.Ilgner_at_gerig.de> wrote in message news:<pan.2004.09.13.14.53.31.160993_at_gerig.de>...
> Hello everyone,
>
> I'm currently evaluating methods for making our database accessible from
> the outside (->Internet) (for e.g. field staff).
> The Oracle Security Guide states that poking a hole through the firewall
> on port 1521 isn't (obviously) a good idea, which, I guess, applies
> whether the listener is password protected or not.
> So I have currently considered the following approaches:
> 1) set up a VPN to connect the external PC to the Intranet.
> 2) use TCPS in combination with a certificate/wallet as a listener
> protocol and let the TCPS listener port through the firewall.
> 3) use an application level proxy to additionally tighten security (<- but
> I couldn't find one)
>
> I searched the Internet and found that Oracle works somewhat like FTP,
> i.e. it uses a randomly negotiated port for a reconnect, which would make
> approach No 2 unusable if not the firewall was also equipped with a
> special plugin, which I couldn't find either.

Most of the modern firewall products have the negotiation of this built in.

You can use several products within Oracle to deal with this. http://download-west.oracle.com/docs/cd/B10501_01/network.920/a96582/toc.htm see esp. ch. 9.

VPN works, but I've only seen it be slow (since I'm normally using it to take over a PC remotely with a broadband connection and then using emulation products).

>
> So my question is if you can explicitly recommend one approach (or a
> combination) over the other. Maybe you could also help me out with some
> discussion URL on that topic or such, as I couldn't discover a helpful one.

If you have metalink access, there are a number of notes that explain specific ways to do things, like
http://metalink.oracle.com/metalink/plsql/ml2_documents.showFrameDocument?p_database_id=NOT&p_id=270160.1 and http://metalink.oracle.com/metalink/plsql/ml2_documents.showFrameDocument?p_database_id=NOT&p_id=125021.1

Also check out otn.oracle.com, lots of stuff on there. http://www.oracle.com/technology/products/ias/pdf/availability-best-practices.pdf

jg

--
@home.com is bogus.
DJ:  "Hef, every straight guy in the world wants to be you for one
day."
Hugh Hefner:  "Even some gay guys do."
Received on Mon Sep 13 2004 - 15:25:25 CDT
