Re: Accessing Oracle DB Over Internet

On Feb 9, 6:08 pm, Charles Hooper <hooperc2..._at_yahoo.com> wrote:
> On Feb 9, 7:04 am, Michael42 <melliot..._at_yahoo.com> wrote:
>
> > Hello,
>
> > Is it possible to connect to an Oracle 10g database over the Internet
> > via SQLPlus or Java app from a client system (assuming my local
> > firewall permits the listener port I use)?
>
> > If this is possible how can it be made secure?
>
> > Thanks for your comments,
>
> > m42
>
> Yes, it is possible to connect to an Oracle database over the
> Internet. However, it probably is not a good idea to expose the
> Oracle database server's listener port directly to the Internet. A
> better approach would be to use the security and data encryption
> provided by a VPN to act as a gate keeper to the Oracle database
> server's listener port, and to obscure the actual data submitted by
> the client and the return data from the database.
>
> You might take a look at the recent thread "Not able to connect to
> Oracle database through VPN" in this group for some ideas for how a
> VPN server fits into the configuration with firewalls.
>
> Charles Hooper
> IT Manager/Oracle DBA
> K&M Machine-Fabricating, Inc.

Adding to this excellent reply: you can use SSH tunneling for this: SSH will handle authentication, authorization and traffic encryption, similar to what VPNs do. For you it will took as if the database listener is listening on your *local* machine, SSH will forward this local port to the remote side (and this forwarding may even span several hops, depending on configuration.) If the remote listener is on Windows, make sure shared sockets are enabled and active on the listener host (search for USE_SHARED_SOCKET for more details on this feature,) so that all TNS traffic uses single shared port and no port redirects are done by the listener as this will not work (same issue as with VPNs.)

Regards,

   Vladimir M. Zakharychev
   N-Networks, makers of Dynamic PSP(tm)    http://www.dynamicpsp.com Received on Sat Feb 09 2008 - 09:24:39 CST