Re: how to link Apache and Oracle?

vslabs_at_onwe.co.za says...

> > If you decide you want to segregate your web applications from your
> > database (there are arguments for and against that approach, the biggest
> > one for being security - firewall the database machine from the 'net)
> > and want a simpler path than Java, then I'd suggest PHP rather than Perl
> > or any of the proprietary non-Oracle (ColdFusion, etc.) options.
>
> I have a problem with that statement on security. It is a fallacy to
> think with the application in the DMZ and the database behind a
> firewall, it is secure.

Agreed. Putting in a firewall doesn't mean you're secure. But it can be one of a number of measures which somewhat mitigate certain risks. Only known, monitored addresses can get through the NAT to my data server which has a 10.x.x.x address.

> If those applications reside in Oracle, what is compromised? Only the
> web server.

And the machine itself that it runs on.

If you run a single box with both Apache (either standalone or Oraclesupplied)  and Oracle and are attacked using an Apache-based exploit, it can be used to bring the whole box to a grinding halt.

We have a farm of Apache app servers and, more critically, a number of internal fat client apps all talking to a "single" (actually a loadbalanced  setup) data server.

If one Apache server machine goes belly-up, I want the database there for the others.

Geoff M Received on Thu Feb 19 2004 - 17:19:59 CST