On Tue, 1 Mar 2005 20:01:13 -0500, Dave Watts <[EMAIL PROTECTED]> wrote: > > IMO if you are so serious about security you should a) put > > your DB servers on their own network with a firewall between > > them everything else and b) use Oracle. > > There are plenty of Oracle vulnerabilities - just ask Dave Litchfield.
And, for the record, so does MySQL. Considering there are three major versions in frequently used in production (3.23.x, 4.0.x, and 4.1.x) it can be a minefield. Oh, and PostgreSQL. And DB2. And Sybase. Let's just say all of them have vulnerabilities. The best thing I'll say about Oracle is that you almost *have* to have a certified Oracle DBA, so odds are your install will be fairly secure. MySQL, PostgreSQL, MS-SQL -- it's a lot more common to have the sysadmin or one of the developers roleplay as the "DBA" with varying degrees of success from a security perspective. -- John Paul Ashenfelter CTO/Transitionpoint (blog) http://www.ashenfelter.com (email) [EMAIL PROTECTED] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:197059 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54