Re: Make a database accessible over the internet

"Marcus Ilgner" <Marcus.Ilgner_at_gerig.de> wrote in message news:pan.2004.09.13.14.53.31.160993_at_gerig.de...
| Hello everyone,
|
| I'm currently evaluating methods for making our database accessible from
| the outside (->Internet) (for e.g. field staff).
| The Oracle Security Guide states that poking a hole through the firewall
| on port 1521 isn't (obviously) a good idea, which, I guess, applies
| whether the listener is password protected or not.
| So I have currently considered the following approaches:
| 1) set up a VPN to connect the external PC to the Intranet.
| 2) use TCPS in combination with a certificate/wallet as a listener
| protocol and let the TCPS listener port through the firewall.
| 3) use an application level proxy to additionally tighten security (<- but
| I couldn't find one)
|
| I searched the Internet and found that Oracle works somewhat like FTP,
| i.e. it uses a randomly negotiated port for a reconnect, which would make
| approach No 2 unusable if not the firewall was also equipped with a
| special plugin, which I couldn't find either.
|
| So my question is if you can explicitly recommend one approach (or a
| combination) over the other. Maybe you could also help me out with some
| discussion URL on that topic or such, as I couldn't discover a helpful
one.
|
| Greetings and many thanks
| Marcus
|

Marcus,

What's the goal of making the database accessible over the internet? Application access?
Application development?
Ad-hoc reporting?
What tools/interfaces will the 'outside' users be using? Are you using (can you use) Oracle's Application Server (iAS)?

++ mcs Received on Mon Sep 13 2004 - 14:36:42 CDT