Running Oracle 9i and Solaris 2.9. It appears to me that the solution can be hardware based or Oracle based then. Which brings up questions about cost versus administration versus reliability. Hmmm.
-----Original Message----- Paul Drake Sent: Friday, January 09, 2004 12:49 PM To: Multiple recipients of list ORACLE-L --- [EMAIL PROTECTED] wrote: > Guys, > > Any good doc. on securing data on database on > internal network behind firewall with an application > server accessing it in the DMZ. I am thinking > Advanced security but would appreciate something on > this subject. I have stored some documents on > security from previous strings but cannot get to my > folder do to a system issue. > > Thanks for any assistance. Hi. how about some OS and database server version info? It wouldn't surprise me if SysAdmin Mag has an article on exactly this. Will more than just OracleNet traffic need to be encrypted? If so, then an ssh tunnel (or some other vpn solution) might make more sense. One method is entirely physical: private network (non-virtual) over additional NICs + crossover cable but that would require that you run a firewall on the server housing the database, as the application server is in an untrusted network. As it circumvents the existing firewall, it could get you fired for violating the site security policy, so it isn't necessarily a good solution. But its one worth considering. I really like using dedicated point to point connections between app server and database server where both servers have dual integrated gigabit cards, no one has coughed up the funds for switched gigabit ethernet ports and one of the integrated gigabit nics is unused (for a fat client/server app). but it does not scale for several hosts. Pd __________________________________ Do you Yahoo!? Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes http://hotjobs.sweepstakes.yahoo.com/signingbonus -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Paul Drake INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: <[EMAIL PROTECTED] INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).