views:

29

answers:

1

Hello All,

I'm wondering how safe or if it's even possible to have a website pull data from a Oracle database on a remote server?

What and how big are the security issues with this?

Thanks,

  • Dane
A: 

Is it possible? Yes. Is it safe? Not unless you're (carefully and properly) using advanced security features including authentication (beyond simple passwords) and encryption, or some sort of VPN. I can understand corporate's hesitancy to allow internet connections to it's database. Patches must be vigilantly applied. Slip-ups in implementations can be extremely costly.

Take a look at the quarterly critical patch updates that come out of Oracle regarding security, and you'll see why it's dangerous to expose an oracle database to the internet. The number of vulnerabilities allowing unauthenticated SYS level access to the database is scary.

DCookie