Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: Oracle access through firewall

From: Bastiaan Schaap <bschaap_at_desyde.nl>
Date: Thu, 12 Apr 2001 08:35:52 +0200
Message-ID: <zYbB6.1$5l3.463@psinet-eu-nl>

Hi Harry,

We have several production sites running at our company, with different databases in the background (NT/2000/Linux/Solaris, all 8i). All the sites we have running have their own production database. If you want to share this data with an internal application I still think replication is a good option, however expensive. We chose to have one database for the internal and external data.

In order to make this secure, we have a DMZ in which our webservers are located (OAS 4.0.8.2 and iAS9i). A BSD firewall 'screens' all traffic coming from the internet going into the DMZ, and from our local network onto the DMZ. So the DMZ is actually a 'bufferzone' between our LAN and the internet. It's actually a very common network topology used for companies that host more than one site.

By placing the database on our local LAN, and only giving a webserver in the DMZ access to the database, the only way to get in the database (from outside our LAN) is through the webserver (if the firewalls are configured correctly, of course). If you do not install any client programs except for Net8, the only way a 'hacker' can get into the database is by using the functionality *you* provide as your web-application. If your application is secure, there are no worries. There are probably other solutions too, I'm definitely not saying this is the best, but we have used it for 2 yrs now, and we haven't had any problems yet.

Several sites we host on Oracle are: http://www.flitspaal.nu (the Dutch gatso database), http://www.desyde.nl (our company description), http://www.internet-campagnes.nl (currently under heavy construction, this one actually uses an entire Sun Enterprise 250 to drive the content), http://www.cav.nu (very simple site, that allows the owner to edit the content online, on-the-fly), http://www.oracleplaza.nl (which we just sold, and is also under construction) and a nice looking one is: http://www.incontro.nl (which is an online store for Italian quality wines). Just to give an example.... Actually the Incontro site is owned by some people from the Oracle company, and they are satisfied with security.... (I know it's a bit of a suggestive argument, just thought I'd mention it ;-) )

BTW the nice thing about using this construction is that you can actually protect the backoffice against unauthorized entry, by providing a completely different URL for this, or specifically opening up the firewall to certain IPs.

HTH, Bastiaan



make love not war... or get married and do both.

Received on Thu Apr 12 2001 - 01:35:52 CDT
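The topology described in the message above (internet to DMZ web server, and only that web server to the database on the LAN) can be checked against a firewall rule set. The following is an added example, not part of the original post: the addresses, the rule tuple format and the listener port 1521 (the Oracle default) are assumptions made for illustration.

```python
import ipaddress as ip

# Constructed addressing plan (assumed, not from the post).
WEB = "192.0.2.10"        # web server in the DMZ
DMZ_OTHER = "192.0.2.11"  # another DMZ host
DB = "10.0.0.20"          # database on the LAN
LAN_PC = "10.0.0.55"      # ordinary LAN workstation
INTERNET = "203.0.113.7"  # arbitrary outside client
NET8_PORT = 1521          # default Oracle listener port (assumed)

# Rule: (action, src_net, dst_net, dst_port or None for any port).
# First match wins; a flow matching no rule is dropped (default deny).
WEAK = [
    ("pass", "0.0.0.0/0", "192.0.2.0/24", 80),
    ("pass", "192.0.2.0/24", "10.0.0.0/24", None),  # whole DMZ -> whole LAN
]
STRICT = [
    ("pass", "0.0.0.0/0", WEB + "/32", 80),
    ("pass", WEB + "/32", DB + "/32", NET8_PORT),   # web server -> listener only
]

def allowed(rules, src, dst, port):
    """Evaluate one TCP flow against the rule list."""
    for action, s, d, p in rules:
        if (ip.ip_address(src) in ip.ip_network(s)
                and ip.ip_address(dst) in ip.ip_network(d)
                and p in (None, port)):
            return action == "pass"
    return False

def audit(rules):
    """Return findings where the rule set departs from the described topology."""
    findings = []
    for name, src in [("internet", INTERNET), ("other DMZ host", DMZ_OTHER)]:
        if allowed(rules, src, DB, NET8_PORT):
            findings.append(f"{name} can reach the database listener")
    if allowed(rules, WEB, DB, 22):
        findings.append("web server can reach non-Net8 ports on the database")
    if allowed(rules, WEB, LAN_PC, NET8_PORT) or allowed(rules, WEB, LAN_PC, 22):
        findings.append("web server can reach LAN hosts other than the database")
    if not allowed(rules, WEB, DB, NET8_PORT):
        findings.append("web server cannot reach the database listener")
    return findings

if __name__ == "__main__":
    for label, rules in (("WEAK", WEAK), ("STRICT", STRICT)):
        print(label, audit(rules) or "matches the described topology")
```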
