Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
![]() |
![]() |
Home -> Community -> Usenet -> c.d.o.misc -> Re: how to link Apache and Oracle?
vslabs_at_onwe.co.za says...
> > If you decide you want to segregate your web applications from your
> > database (there are arguments for and against that approach, the biggest
> > one for being security - firewall the database machine from the 'net)
> > and want a simpler path than Java, then I'd suggest PHP rather than Perl
> > or any of the proprietary non-Oracle (ColdFusion, etc.) options.
>
> I have a problem with that statement on security. It is a fallacy to
> think with the application in the DMZ and the database behind a
> firewall, it is secure.
Agreed. Putting in a firewall doesn't mean you're secure. But it can be one of a number of measures which somewhat mitigate certain risks. Only known, monitored addresses can get through the NAT to my data server which has a 10.x.x.x address.
> If those applications reside in Oracle, what is compromised? Only the
> web server.
And the machine itself that it runs on.
If you run a single box with both Apache (either standalone or Oraclesupplied) and Oracle and are attacked using an Apache-based exploit, it can be used to bring the whole box to a grinding halt.
We have a farm of Apache app servers and, more critically, a number of internal fat client apps all talking to a "single" (actually a loadbalanced setup) data server.
If one Apache server machine goes belly-up, I want the database there for the others.
Geoff M Received on Thu Feb 19 2004 - 17:19:59 CST
![]() |
![]() |