Home » RDBMS Server » Security » Oracle exposed on a Webserver
icon5.gif  Oracle exposed on a Webserver [message #148075] Tue, 22 November 2005 09:50 Go to next message
stry_cat
Messages: 3
Registered: November 2005
Junior Member
We're thinking of putting the Oracle client on our webserver. The client would then be used (with Perl and PHP) to directly access our Oracle databases. The catch is that our webserver is outside of our firewall. The web server runs RedHat. What I'm wondering is what kind of security issues will need to be addressed when we install Oracle on the web server? Are there any good whitepapers or websites on this subject?

Thanks in advance.
Re: Oracle exposed on a Webserver [message #148215 is a reply to message #148075] Wed, 23 November 2005 02:55 Go to previous messageGo to next message
Frank Naude
Messages: 4570
Registered: April 1998
Senior Member
Hi,

The best would be to put your webservers within a secure zone (DMZ) and config the firewalls so that only the secure zone can connect to your database servers.

If you don't, the consequences could be severe. For example, a hacker gets into the webserver, see your Oracle userid/password in one of those PHP/Perl scripts, connect to it and sell the data to your companies competitors.

Best regards.

Frank
Re: Oracle exposed on a Webserver [message #148258 is a reply to message #148075] Wed, 23 November 2005 05:33 Go to previous messageGo to next message
ndefontenay
Messages: 14
Registered: November 2005
Location: Thailand
Junior Member
Hi.

It depends of the purpose of your data. Like everything in security, you have to ask the question "Is it worth the risk?"

If it is very sensitive data in your database, then you have to use a DMZ (demilitarized zone) with

1) Your private network and your oracle database
2) The internet
3) Your DMZ with the webserver

If the data is very sensitive, I would consider a Reverse proxy in front of my web server for better protection.
Re: Oracle exposed on a Webserver [message #148345 is a reply to message #148215] Wed, 23 November 2005 14:16 Go to previous message
stry_cat
Messages: 3
Registered: November 2005
Junior Member
Frank Naude wrote on Wed, 23 November 2005 02:55

Hi,
The best would be to put your webservers within a secure zone (DMZ) and config the firewalls so that only the secure zone can connect to your database servers.



Well as long as we can access the db servers from anywhere within our network, this sounds like a possible solution.

Quote:


If you don't, the consequences could be severe. For example, a hacker gets into the webserver, see your Oracle userid/password in one of those PHP/Perl scripts, connect to it and sell the data to your companies competitors.




I don't see how the DMZ proposal will help in this case. If the hacker gets into the webserver and sees the Oracle userid/password won't he be able to access the data b/c he's in the secure zone? Don't you need to prevent him from hacking the webserver in this case? Does this DMZ secure zone idea stop that?
Previous Topic: Want DMP help
Next Topic: database auditing
Goto Forum:
  


Current Time: Thu Dec 02 10:29:38 CST 2021