Arup, Thanks for the info. Can you elaborate a little on your understanding of how a client would connect their own reporting tool _directly_ to our database?
Paul --- Arup Nanda <[EMAIL PROTECTED]> wrote: > Paul, > > We use Advanced Security. the product is pricey and difficult to > setup; but > once in place it's in solid footing. > > Advanced security does not replace VPN per se; it's purpose is > slightly > different and broader in scope. If you take VPN away, how do you > suppose you > will connect to the DB server, directly? Hardly. So, VPN _may_ be > required > regardless. > > Some of the uses of AS are (not exhaustive) > > 1. Encryption and Checksumming of Net8 connection between the db > server and > the app servers (and any other users connected to the db server > directly). > This is the bare minimum security manadated by HIPAA and > unfortunately > Oracle does not provide a solution as a part of the base product. You > may > not need it, though; since using intelligent subnets and using > firewalls > around the db servers can limit threats to an acceptable degree. > > 2. Single signon. We use it in our app servers (running IIS) where > the > authentication is done using certificates. Again, this is necessary > due to > the refusal of the Development group to introduce database userids > and > eliminate the application authentication. > > The second part can be addressed in a different way. Using an > application > user security model where the users supply their userid and password > to the > database for authentication will eliminate the need to have a Windows > user > to be authenticated. A simple mechanism will be to authenticate the > user > agaist the database as the very first step. If authentication fails, > the app > will not proceed further. This will eliminate the authentication of > the user > by Windows. This model has been in use on a different app here and > works > great; but on the other app, the manager insists on one > authentication on > Windows and then another on the database, hence single signon. > > HTH. > > Arup Nanda > www.proligence.com > > ----- Original Message ----- > To: "Multiple recipients of list ORACLE-L" <[EMAIL PROTECTED]> > Sent: Friday, October 24, 2003 10:09 PM > > > > Thanks, everyone, for your helpful responses. > > > > A talk with our Oracle sales droid has pointed me in the direction > of > > Oracle Advanced Security for authentication, encryption, and > integrity. > > Anyone have experience using this? We are considering using > Entrust > > SSL authentication as we already use Entrust to authenticate users > of > > our app. Would Advanced Security replace a VPN, or coexist with > it? > > > > > > > > ===== > > Paul Baumgartel > > Transcentive, Inc. > > www.transcentive.com > > > > __________________________________ > > Do you Yahoo!? > > The New Yahoo! Shopping - with improved product search > > http://shopping.yahoo.com > > -- > > Please see the official ORACLE-L FAQ: http://www.orafaq.net > > -- > > Author: Paul Baumgartel > > INET: [EMAIL PROTECTED] > > > > Fat City Network Services -- 858-538-5051 http://www.fatcity.com > > San Diego, California -- Mailing list and web hosting > services > > > --------------------------------------------------------------------- > > To REMOVE yourself from this mailing list, send an E-Mail message > > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > > the message BODY, include a line containing: UNSUB ORACLE-L > > (or the name of mailing list you want to be removed from). You may > > also send the HELP command for other information (like > subscribing). > > > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.net > -- > Author: Arup Nanda > INET: [EMAIL PROTECTED] > > Fat City Network Services -- 858-538-5051 http://www.fatcity.com > San Diego, California -- Mailing list and web hosting services > --------------------------------------------------------------------- > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). __________________________________ Do you Yahoo!? Exclusive Video Premiere - Britney Spears http://launch.yahoo.com/promos/britneyspears/ -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Paul Baumgartel INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).