Re: [Q] security between Cold fusion and oracle database?
One of the most important rules - to use difficult/criptic passwords. That's true for any system. Simple passwords - 90% of succesful attaks. You can set up you own procedure to check quality of passwords in Oracle. Alexandre - Original Message - To: "Multiple recipients of list ORACLE-L" <[EMAIL PROTECTED]> Sent: Monday, August 26, 2002 11:41 PM > > > We have ORACLE 8.1.7 on NT server. users can through Internet Cold fusion > server (with ODBC) access ORACLE database. Between Cold fusion server and > ORACLE server their has firewall on it. The firewall only open port 1521 > to allow ODBC access to ORACLE database. We are worry the hacker may hack > into ORACLE database (even firewall their) and plan to change port from > 1521 to . Is this way improve security? > > We are NOT plan to buy ORACLE advance security module. Does their has > other way to improve security between Cold fusion server to ORACLE server? > > > Thanks. > > > _ > Chat with friends online, try MSN Messenger: http://messenger.msn.com > > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.com > -- > Author: dist cash > INET: [EMAIL PROTECTED] > > Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 > San Diego, California-- Public Internet access / Mailing Lists > > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). > > -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Alexandre Gorbatchev INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re[2]: [Q] security between Cold fusion and oracle database?
Take a close look at your firewall software. Many vendors have an Oracle
SQL*Net configuration that will only allow a SQL*Net connection on the port of
choice. This I have seen is rather effective as a telnet request is rejected
quickly.
Dick Goulet
Reply Separator
Author: [EMAIL PROTECTED]
Date: 8/26/2002 8:38 PM
Basic firewall rule
make sure your firewall rules only allow trusted servers to access ports
or in this case make sure the host that is the coldfusion server is the
only one allowed to connect on that port.
and changing the port to a non default value will assist. it is no
guarantee of security. It will just take them a lot longer to work out
what is on the other side of the firewall at that port.
Cheers
--
=
Peter McLarty E-mail: [EMAIL PROTECTED]
Technical ConsultantWWW: http://www.mincom.com
APAC Technical Services Phone: +61 (0)7 3303 3461
Brisbane, AustraliaMobile: +61 (0)402 094 238
Facsimile: +61 (0)7 3303 3048
=
A great pleasure in life is doing what people say you cannot do.
- Walter Bagehot (1826-1877 British Economist)
=
Mincom "The People, The Experience, The Vision"
=
This transmission is for the intended addressee only and is confidential
information. If you have received this transmission in error, please
delete it and notify the sender. The contents of this e-mail are the
opinion of the writer only and are not endorsed by the Mincom Group of
companies unless expressly stated otherwise.
"dist cash" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
27-08-2002 07:41 AM
Please respond to ORACLE-L
To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
cc:
Fax to:
Subject: [Q] security between Cold fusion and oracle database?
We have ORACLE 8.1.7 on NT server. users can through Internet Cold fusion
server (with ODBC) access ORACLE database. Between Cold fusion server and
ORACLE server their has firewall on it. The firewall only open port 1521
to allow ODBC access to ORACLE database. We are worry the hacker may hack
into ORACLE database (even firewall their) and plan to change port from
1521 to . Is this way improve security?
We are NOT plan to buy ORACLE advance security module. Does their has
other way to improve security between Cold fusion server to ORACLE server?
Thanks.
_
Chat with friends online, try MSN Messenger: http://messenger.msn.com
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: dist cash
INET: [EMAIL PROTECTED]
Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051
San Diego, California-- Public Internet access / Mailing Lists
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author:
INET: [EMAIL PROTECTED]
Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051
San Diego, California-- Public Internet access / Mailing Lists
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author:
INET: [EMAIL PROTECTED]
Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051
San Diego, California-- Public Internet access / Mailing Lists
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
Re: [Q] security between Cold fusion and oracle database?
Basic firewall rule
make sure your firewall rules only allow trusted servers to access ports
or in this case make sure the host that is the coldfusion server is the
only one allowed to connect on that port.
and changing the port to a non default value will assist. it is no
guarantee of security. It will just take them a lot longer to work out
what is on the other side of the firewall at that port.
Cheers
--
=
Peter McLarty E-mail: [EMAIL PROTECTED]
Technical ConsultantWWW: http://www.mincom.com
APAC Technical Services Phone: +61 (0)7 3303 3461
Brisbane, AustraliaMobile: +61 (0)402 094 238
Facsimile: +61 (0)7 3303 3048
=
A great pleasure in life is doing what people say you cannot do.
- Walter Bagehot (1826-1877 British Economist)
=
Mincom "The People, The Experience, The Vision"
=
This transmission is for the intended addressee only and is confidential
information. If you have received this transmission in error, please
delete it and notify the sender. The contents of this e-mail are the
opinion of the writer only and are not endorsed by the Mincom Group of
companies unless expressly stated otherwise.
"dist cash" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
27-08-2002 07:41 AM
Please respond to ORACLE-L
To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
cc:
Fax to:
Subject: [Q] security between Cold fusion and oracle database?
We have ORACLE 8.1.7 on NT server. users can through Internet Cold fusion
server (with ODBC) access ORACLE database. Between Cold fusion server and
ORACLE server their has firewall on it. The firewall only open port 1521
to allow ODBC access to ORACLE database. We are worry the hacker may hack
into ORACLE database (even firewall their) and plan to change port from
1521 to . Is this way improve security?
We are NOT plan to buy ORACLE advance security module. Does their has
other way to improve security between Cold fusion server to ORACLE server?
Thanks.
_
Chat with friends online, try MSN Messenger: http://messenger.msn.com
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: dist cash
INET: [EMAIL PROTECTED]
Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051
San Diego, California-- Public Internet access / Mailing Lists
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author:
INET: [EMAIL PROTECTED]
Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051
San Diego, California-- Public Internet access / Mailing Lists
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
[Q] security between Cold fusion and oracle database?
We have ORACLE 8.1.7 on NT server. users can through Internet Cold fusion server (with ODBC) access ORACLE database. Between Cold fusion server and ORACLE server their has firewall on it. The firewall only open port 1521 to allow ODBC access to ORACLE database. We are worry the hacker may hack into ORACLE database (even firewall their) and plan to change port from 1521 to . Is this way improve security? We are NOT plan to buy ORACLE advance security module. Does their has other way to improve security between Cold fusion server to ORACLE server? Thanks. _ Chat with friends online, try MSN Messenger: http://messenger.msn.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: dist cash INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
