Oracle exposed on a Webserver [message #148075] Tue, 22 November 2005 09:50
stry_cat
Messages: 3
Registered: November 2005
Junior Member
We're thinking of putting the Oracle client on our webserver. The client would then be used (with Perl and PHP) to directly access our Oracle databases. The catch is that our webserver is outside of our firewall. The web server runs RedHat. What I'm wondering is what kind of security issues will need to be addressed when we install Oracle on the web server? Are there any good whitepapers or websites on this subject?

Thanks in advance.
Re: Oracle exposed on a Webserver [message #148215 is a reply to message #148075] Wed, 23 November 2005 02:55
Frank Naude
Messages: 4579
Registered: April 1998
Senior Member
Hi,

The best would be to put your webservers within a secure zone (DMZ) and configure the firewalls so that only the secure zone can connect to your database servers.

If you don't, the consequences could be severe. For example, a hacker gets into the webserver, sees your Oracle userid/password in one of those PHP/Perl scripts, connects to it and sells the data to your company's competitors.

Best regards.

Frank
Re: Oracle exposed on a Webserver [message #148258 is a reply to message #148075] Wed, 23 November 2005 05:33
ndefontenay
Messages: 14
Registered: November 2005
Location: Thailand
Junior Member
Hi.

It depends on the purpose of your data. Like everything in security, you have to ask the question "Is it worth the risk?"

If it is very sensitive data in your database, then you have to use a DMZ (demilitarized zone) with

1) Your private network and your Oracle database
2) The internet
3) Your DMZ with the webserver

If the data is very sensitive, I would consider a reverse proxy in front of my web server for better protection.
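
The firewall policy from the two replies above (three zones, with only the DMZ allowed through to the database), written as a first-match rule table that can be checked flow by flow. This is an added example, not part of any post in the thread; all addresses, host names and the `LOOSE` variant are constructed, 1521 is the default Oracle listener port, and unrestricted internal access to the database is an assumption.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing for the three zones (assumptions, not from the thread).
INTERNAL = ip_network("10.0.0.0/16")       # private network with the database
DMZ = ip_network("192.168.50.0/24")        # secure zone with the web server
ANY = ip_network("0.0.0.0/0")              # the internet
DB_HOST = ip_network("10.0.20.5/32")       # hypothetical Oracle database server
WEB_HOST = ip_network("192.168.50.10/32")  # hypothetical web server
ORACLE_LISTENER = 1521                     # default Oracle Net listener port

# (source, destination, destination port or None for any, action); first match wins.
RULES = [
    (INTERNAL, DB_HOST, None, "allow"),        # assumed: internal hosts reach the DB
    (DMZ, DB_HOST, ORACLE_LISTENER, "allow"),  # DMZ reaches the listener only
    (DMZ, INTERNAL, None, "deny"),             # nothing else leaves the DMZ inward
    (ANY, WEB_HOST, 80, "allow"),
    (ANY, WEB_HOST, 443, "allow"),
    (ANY, ANY, None, "deny"),                  # default deny
]

# Misconfigured variant: the DMZ rule without host or port restriction.
LOOSE = [RULES[0], (DMZ, INTERNAL, None, "allow")] + RULES[2:]

# Flows the policy is expected to permit or block (constructed test traffic).
EXPECTED = {
    ("203.0.113.7", "192.168.50.10", 443): "allow",   # internet -> web server
    ("203.0.113.7", "10.0.20.5", 1521): "deny",       # internet -> database
    ("192.168.50.10", "10.0.20.5", 1521): "allow",    # web server -> listener
    ("192.168.50.10", "10.0.20.5", 22): "deny",       # web server -> DB host SSH
    ("192.168.50.10", "10.0.1.15", 445): "deny",      # web server -> other host
    ("10.0.1.15", "10.0.20.5", 1521): "allow",        # internal client -> database
}

def decide(src, dst, port, rules=RULES):
    """Return the action of the first rule matching the flow."""
    s, d = ip_address(src), ip_address(dst)
    for src_net, dst_net, rule_port, action in rules:
        if s in src_net and d in dst_net and rule_port in (None, port):
            return action
    return "deny"

def audit(rules=RULES):
    """Return (flow, expected, actual) for every flow the rules get wrong."""
    return [(flow, want, decide(*flow, rules=rules))
            for flow, want in EXPECTED.items()
            if decide(*flow, rules=rules) != want]

if __name__ == "__main__":
    print("strict policy mismatches:", audit())
    print("loose policy mismatches:", audit(LOOSE))
```
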
Re: Oracle exposed on a Webserver [message #148345 is a reply to message #148215] Wed, 23 November 2005 14:16
stry_cat
Messages: 3
Registered: November 2005
Junior Member
Frank Naude wrote on Wed, 23 November 2005 02:55:

> Hi,
> The best would be to put your webservers within a secure zone (DMZ) and configure the firewalls so that only the secure zone can connect to your database servers.

Well, as long as we can access the db servers from anywhere within our network, this sounds like a possible solution.

Quote:

> If you don't, the consequences could be severe. For example, a hacker gets into the webserver, sees your Oracle userid/password in one of those PHP/Perl scripts, connects to it and sells the data to your company's competitors.

I don't see how the DMZ proposal will help in this case. If the hacker gets into the webserver and sees the Oracle userid/password won't he be able to access the data b/c he's in the secure zone? Don't you need to prevent him from hacking the webserver in this case? Does this DMZ secure zone idea stop that?