| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: Make a database accessible over the internet
This kind of depends on what your field staff do. Are they end users
of an application? Are the dba's working at a client site? If app
users, then build a password protected extranet. If dbas, then just
set up ssh to get inside your firewall.
Rich
Marcus Ilgner <Marcus.Ilgner_at_gerig.de> wrote in message news:<pan.2004.09.13.14.53.31.160993_at_gerig.de>...
> Hello everyone,
>
> I'm currently evaluating methods for making our database accessible from
> the outside (->Internet) (for e.g. field staff).
> The Oracle Security Guide states that poking a hole through the firewall
> on port 1521 isn't (obviously) a good idea, which, I guess, applies
> whether the listener is password protected or not.
> So I have currently considered the following approaches:
> 1) set up a VPN to connect the external PC to the Intranet.
> 2) use TCPS in combination with a certificate/wallet as a listener
> protocol and let the TCPS listener port through the firewall.
> 3) use an application level proxy to additionally tighten security (<- but
> I couldn't find one)
>
> I searched the Internet and found that Oracle works somewhat like FTP,
> i.e. it uses a randomly negotiated port for a reconnect, which would make
> approach No 2 unusable if not the firewall was also equipped with a
> special plugin, which I couldn't find either.
>
> So my question is if you can explicitly recommend one approach (or a
> combination) over the other. Maybe you could also help me out with some
> discussion URL on that topic or such, as I couldn't discover a helpful one.
>
> Greetings and many thanks
> Marcus
Received on Mon Sep 13 2004 - 15:42:33 CDT
 |
 |