Re: SQL*NET/orasrv security problem

From: <GO.MSB_at_ISUMVS.IASTATE.EDU>
Date: Thu, 7 Apr 94 09:41:25 CDT
Message-ID: <2o1630$f8l_at_news.iastate.edu>


In article <2nuofc$2di8_at_te6000.otc.lsu.edu>, sli_at_ascii.csc.lsu.edu (Siqiao Li) writes:
>In article <2nu6lp$ng7_at_hafro.is> gunnaro_at_hafro.is (Gunnar Orvarsson) writes:
>>We are running Oracle/7 and SQL*NET's orasrv on a Unix server. We would
>>...
>>This would be great, if we could allow connections from CERTAIN MACHINES
>>ONLY, i.e. those that are on our network or in our administrative
>>domain. But unfortunately, this doesn't seem to be the way orasrv works.
>>Allowing this kind of access to workstations on our network seems to enable
>>users with the same login name on ANY machine on the Internet to connect to
>>our database.
>>
>>So my question is:
>>Does anyone know a way to make orasrv allow connections from certain machines
>>only? Are there any ways at all to prevent logins from machines from the
>>outside (and staying on the Internet)? Might there exist some public domain
>>security packages to take care of this?
>
>Try to implement the 'firewall' in your router to the Internet so that you
>can restrict incoming packets on certain ports (i.e. 1525 for oracle,
>20 and 21 for ftp). At the software level, you can run something like
>Kerberos (not sure for the spelling) to authenticate internet machines.
>
>ciao
>



We are running with a Kerberized file authentication system, but to our knowledge, ORACLE does not yet understand Kerberized tickets (I presume the socket-listener would have to somehow understand such tickets and ask the Kerberos server to ok them). If anyone knows anything about where Oracle stands on this facility, we would appreciate hearing about it. We were told they were looking into it at one time. Currently, our ORACLE server has to run outside of the Kerberized system, and thus our users must provide a username and password. We just turned the OPS$ and network dba access facilities off for reasons listed above.

Thanks much.

Marvin Beck
Iowa State University

Received on Thu Apr 07 1994 - 16:41:25 CEST
