Re: connect databases via http

From: Michael Austin <>
Date: Fri, 01 Feb 2008 21:32:02 -0600
Message-ID: <7tRoj.5495$>

Ana C. Dent wrote:

> prunoki <> wrote in news:f8c01d18-c872-4a00-9fa6-

>> Hi,
>> Do you know of any means to connect two Oracle 10g databases via http
>> or https without using a middle tier (php, java, whatever...)? One db
>> here, one db there and the traffic have to go through company
>> firewalls. No proxys would be standing in the way, we get direct
>> connectivity via http. It would be very nice to be able to query the
>> other database somehow directly from pl-sql.
>> Regards,
>> Krisztian
> Oracle RDBMS does not speak hhtp or https.
> So the short answer is, "NO!".

Actually your network does not understand HTTP or HTTPS or any other APPLICATION protocol [OSI Layer 7 - APPLICATION]. Your network understands TCPIP and PORTS [OSI Layer 4- TRANSPORT, Layer 3 - NETWORK Layer 2 - DATA LINK and finally Layer 1 - PHYSICAL]. Your firewall has a port open that passes datagrams unchecked - it does not care about the application data being passed.

  1. create another listener on port 80 or 443 on target server - provided no webserver is running on the target.
  2. create a TNSNAMES.ORA entry that points to the serverIPaddress/port
  3. use a database link in source and select data from target. In this scenario, you would not be talking HTTP protocol - but SQL*Net or Oracle Net or whatever it is called today on ports "reserved" for HTTP/HTTPS...
Now, here's the kicker - companies build firewalls for a reason - let's say your target system responds to a request on port 80 that gives a hacker the idea that it is now talking directly to a database and starts hacking away... How secure is your data now?

Just because you CAN do this, does not mean you SHOULD do this... [and if I were your corp security and found you did this, I would fire you on the spot!!!] Received on Fri Feb 01 2008 - 21:32:02 CST

Original text of this message