RE: VPN to database?

2003-10-27 Thread Paul Baumgartel
Never mind, I see that it is.  Thanks.
--- Paul Baumgartel <[EMAIL PROTECTED]> wrote:
> Jared,
> 
> Is that the book from sans.org?
> 
> Thanks,
> 
> Paul
> 
> 
> --- Jared Still <[EMAIL PROTECTED]> wrote:
> > Yes, I will ditto the recommendation for Pete Finnigan's book.
> > 
> > Jared
> > 

RE: VPN to database?

2003-10-27 Thread Jared Still
Yes: https://store.sans.org/store_item.php?item=80


On Mon, 2003-10-27 at 09:49, Paul Baumgartel wrote:
> Jared,
> 
> Is that the book from sans.org?
> 
> Thanks,
> 
> Paul
> 
> 
> --- Jared Still <[EMAIL PROTECTED]> wrote:
> > Yes, I will ditto the recommendation for Pete Finnigan's book.
> > 
> > Jared
> > 

RE: VPN to database?

2003-10-27 Thread Paul Baumgartel
Jared,

Is that the book from sans.org?

Thanks,

Paul


--- Jared Still <[EMAIL PROTECTED]> wrote:
> Yes, I will ditto the recommendation for Pete Finnigan's book.
> 
> Jared
> 

Re: VPN to database?

2003-10-27 Thread Paul Baumgartel
Arup,

Thanks for the info.  Can you elaborate a little on your understanding
of how a client would connect their own reporting tool _directly_ to
our database?  

Paul


Re: VPN to database?

2003-10-24 Thread Arup Nanda
Paul,

We use Advanced Security. The product is pricey and difficult to set up; but
once in place it's on solid footing.

Advanced security does not replace VPN per se; its purpose is slightly
different and broader in scope. If you take VPN away, how do you suppose you
will connect to the DB server, directly? Hardly. So, VPN _may_ be required
regardless.

Some of the uses of AS are (not exhaustive)

1. Encryption and Checksumming of Net8 connection between the db server and
the app servers (and any other users connected to the db server directly).
This is the bare minimum security mandated by HIPAA and unfortunately
Oracle does not provide a solution as a part of the base product. You may
not need it, though; since using intelligent subnets and using firewalls
around the db servers can limit threats to an acceptable degree.

2. Single signon. We use it in our app servers (running IIS) where the
authentication is done using certificates. Again, this is necessary due to
the refusal of the Development group to introduce database userids and
eliminate the application authentication.

The second part can be addressed in a different way. Using an application
user security model where the users supply their userid and password to the
database for authentication will eliminate the need to have a Windows user
to be authenticated. A simple mechanism will be to authenticate the user
against the database as the very first step. If authentication fails, the app
will not proceed further. This will eliminate the authentication of the user
by Windows. This model has been in use on a different app here and works
great; but on the other app, the manager insists on one authentication on
Windows and then another on the database, hence single signon.

HTH.

Arup Nanda
www.proligence.com

- Original Message - 
To: "Multiple recipients of list ORACLE-L" <[EMAIL PROTECTED]>
Sent: Friday, October 24, 2003 10:09 PM


> Thanks, everyone, for your helpful responses.
>
> A talk with our Oracle sales droid has pointed me in the direction of
> Oracle Advanced Security for authentication, encryption, and integrity.
>  Anyone have experience using this?  We are considering using Entrust
> SSL authentication as we already use Entrust to authenticate users of
> our app.  Would Advanced Security replace a VPN, or coexist with it?
-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: Arup Nanda
  INET: [EMAIL PROTECTED]

Fat City Network Services-- 858-538-5051 http://www.fatcity.com
San Diego, California-- Mailing list and web hosting services
-
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
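
The encryption and checksumming point in the message above, as an added example that is not part of the original thread: a small audit of the server-side `sqlnet.ora` negotiation levels, showing which client settings would still end up with an unprotected Net8 session. The two sample files are constructed for illustration and the function names are hypothetical; the parameter names and the four levels are Oracle Net's own.

```python
import re

# Negotiation levels Oracle Net accepts for encryption and checksumming.
LEVELS = ("REJECTED", "ACCEPTED", "REQUESTED", "REQUIRED")
DEFAULT = "ACCEPTED"  # level in effect when the parameter is absent

# Server-side parameters that control the two services.
SERVICES = {
    "encryption": "SQLNET.ENCRYPTION_SERVER",
    "checksum": "SQLNET.CRYPTO_CHECKSUM_SERVER",
}


def parse_sqlnet(text):
    """Return {PARAM: value} for simple 'NAME = value' lines; '#' starts a comment."""
    params = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        match = re.match(r"^([A-Za-z0-9_.]+)\s*=\s*(.+)$", line)
        if match:
            params[match.group(1).upper()] = match.group(2).strip()
    return params


def negotiate(client, server):
    """Outcome of the client/server negotiation: 'on', 'off' or 'fail'."""
    pair = {client, server}
    if "REJECTED" in pair:
        # One side refuses: the connection fails only if the other insists.
        return "fail" if "REQUIRED" in pair else "off"
    if pair == {"ACCEPTED"}:
        # Both sides merely tolerate the service, so nobody turns it on.
        return "off"
    return "on"


def audit_server(text):
    """For each service, list the client levels that leave the session unprotected."""
    params = parse_sqlnet(text)
    report = {}
    for name, key in SERVICES.items():
        level = params.get(key, DEFAULT).upper()
        if level not in LEVELS:
            raise ValueError("unknown level %r for %s" % (level, key))
        unprotected = [c for c in LEVELS if negotiate(c, level) == "off"]
        report[name] = {"server": level, "unprotected_clients": unprotected}
    return report


# Constructed sample: algorithms chosen, but the encryption level left at its default.
WEAK = """
# sqlnet.ora on the database server (constructed sample)
SQLNET.ENCRYPTION_TYPES_SERVER = (3DES168)
SQLNET.CRYPTO_CHECKSUM_SERVER = REQUESTED
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA1)
"""

# Constructed sample: both services required by the server.
HARDENED = """
SQLNET.ENCRYPTION_SERVER = REQUIRED
SQLNET.ENCRYPTION_TYPES_SERVER = (3DES168)
SQLNET.CRYPTO_CHECKSUM_SERVER = REQUIRED
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA1)
"""

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("hardened", HARDENED)):
        for service, result in audit_server(text).items():
            print(label, service, result)
```

Only `REQUIRED` on the server leaves no client setting that yields a cleartext or unchecked session; a client that refuses the service is then rejected instead of being let in unprotected.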


RE: VPN to database?

2003-10-24 Thread Paul Baumgartel
Thanks, everyone, for your helpful responses.

A talk with our Oracle sales droid has pointed me in the direction of
Oracle Advanced Security for authentication, encryption, and integrity.
 Anyone have experience using this?  We are considering using Entrust
SSL authentication as we already use Entrust to authenticate users of
our app.  Would Advanced Security replace a VPN, or coexist with it?



=
Paul Baumgartel
Transcentive, Inc.
www.transcentive.com



RE: VPN to database?

2003-10-24 Thread Jared Still
I suppose it could be set up that way, but ours is not.

The only way to connect to a database from a local app
through the vpn ( for me anyway ) is to tunnel sqlnet
through ssh.

We could set it up to allow a certain range of ports
through, just as we do for other apps, but I don't
see any point in it, as I'm the only one that would
benefit from it.  :)

Jared

On Fri, 2003-10-24 at 14:29, Goulet, Dick wrote:
> Jared,
> 
>   I'm no network guru, so take this with a ton of salt, but this is how I
> believe our network admin has it set up.  The VPN tunnel comes in thru the outer
> firewall on a specific port to the vpn server in the DMZ.  The vpn server then
> spreads the ports out as needed to the inner firewall which opens up all ports on
> the inside to that one server/ip address.  Therefore from the application's point of
> view the inside of the firewall looks the same whether you're connected directly on
> the local lan or coming in via VPN.  And if it's that simple, I'm going to be
> greatly surprised.  But I will point out that if the vpn security stuff is not set up
> just right or gets disturbed the whole thing shuts down better than a clam.
> 
> Dick Goulet
> Senior Oracle DBA
> Oracle Certified 8i DBA
> 
> -Original Message-
> Sent: Friday, October 24, 2003 5:14 PM
> To: Multiple recipients of list ORACLE-L
> 
> 
> You're going through a firewall that allows port 22 to go
> through and connect to your ssh daemon via the VPN.
> 
> Port 15xx is likely being blocked, as well as the range
> of ports used to create the sqlnet connections.
> 
> I'm not a security guru, but I doubt that the firewall admins
> are opening all the ports just because you're connecting
> via VPN.  
> 
> I also connect through a VPN, but the only ways I know of
> to connect from my local apps to a database behind the firewall
> is to open up some ports ( probably won't fly ) or tunnel
> the sqlnet in via ssh.
> 
> Jared
> 
> 
> On Fri, 2003-10-24 at 13:19, Todd Boss wrote:
> > No, but (and forgive me for asking) why does that matter?
> > 
> > Is sqlnet tunneling important for security reasons, or important
> > for connectivity?  I'm able to telnet to the box straight away.
> > 
> > I figured that, once VPN was connected, I'd be able to run whatever
> > applications I wanted locally.  After not being able to get
> > any Oracle client to connect, I wondered if VPN had the capability
> > to transmit anything but the "lowest" level of tcp/ip protocols.
> > 
> > boss
> > 
> > > 
> > > 
> > > Are you tunneling sqlnet through ssh?
> > > 
> > > http://www.akadia.com/services/ssh_install_and_use.html
> > > 
> > > On Fri, 2003-10-24 at 08:44, Todd Boss wrote:
> > > > I can tell you right now, I'm VPN'd to a client overseas and have
> > > > NOT been able to get OCI to work over the protocol.  I can telnet/ssh
> > > > to the machine where the Oracle server runs (it's Solaris) and work
> > > > via a sql*plus window, but nothing runs locally (i.e., Toad or windows
> > > > version of sql*plus connected to the remote server).
> > > > 
> > > > If there's some secret to making OCI work over VPN, we were not able
> > > > to find it.
> > > > 
> > > > boss
> > > > 
> > > > > 
> > > > > We are an Application Service Provider--we maintain a set of servers in
> > > > > a colocation facility and our customers use our application via the
> > > > > Web.  Security is a paramount concern, of course, and only our Web
> > > > > server has a public IP address, with the application and database
> > > > > servers completely private. 
> > > > > 
> > > > > We supply a number of standard reports, but most of our customers want
> > > > > some custom reports as well.  We would like to give them access to our
> > > > > database, possibly over a VPN, but only if security can be maintained. 
> > > > > I'd like to know if anyone has faced such a situation, and what kind of
> > > > > configuration (network/firewall/VPN/Oracle Net) might make such access
> > > > > possible.
> > > > > 
> > > > > TIA,
> > > > > 
> > > > > 
> > > > > 
> > > > > =
> > > > > Paul Baumgartel
> > > > > Transcentive, Inc.
> > > > > www.transcentive.com
> > > > > 

RE: VPN to database?

2003-10-24 Thread Jared Still
Yes, I will ditto the recommendation for Pete Finnigan's book.

Jared

On Fri, 2003-10-24 at 10:29, DENNIS WILLIAMS wrote:
> Paul - We have some of the similar issues here (network/firewall/VPN/Oracle
> Net). Based on your description of your business, you probably have some
> competent network engineers on staff. My experience is that they routinely
> handle issues like this, and you probably won't need to get involved in the
> actual configuration. However, you should educate yourself in the security
> issues involved so you can participate intelligently in any discussions from
> the database point of view. As a starter, I am including two recent
> excellent postings to this list from Tim Gorman and Ian MacGregor. Just
> scroll down.
> 
> Dennis Williams
> DBA
> Lifetouch, Inc.
> [EMAIL PROTECTED] 
> 
> Sent: Thursday, August 07, 2003 10:25 AM
> To: Multiple recipients of list ORACLE-L
> 
> 
> Sandro,
> 
> There is an excellent book on "Oracle Security" available online from
> "http://www.sans.org".  Concise, organized, and prioritized.  Also, Newman
> and Theriault's "Oracle Security Handbook" from Oracle Press is chock full
> of common sense...
> 
> Not sure what the question about "automating the migration of stored
> procedures" refers to.  Could you provide more information?  I don't think I
> understand the problem...
> 
> Storing password files on the database server is mainly an exercise in
> ensuring that OS security and file permissions are properly implemented.  If you
> cannot ensure that OS files are properly secured, then the entire Oracle
> database is at risk, not to mention files containing clear-text passwords.
> After all, one can view data within datafiles using programs other than the
> Oracle RDBMS...
> 
> The idea of creating production schemas/logins to separate object ownership
> from application/end-user access is excellent.  To avoid using synonyms,
> consider the functionality of the "ALTER SESSION SET CURRENT_SCHEMA =
> " command being executed in an AFTER LOGON trigger in all
> accounts used for end-user access.  It is a little-known but wonderfully
> manageable bit of functionality...
> 
> Hope this helps...
> 
> -Tim
> -Original Message-
> Sent: Wednesday, October 01, 2003 5:19 PM
> To: Multiple recipients of list ORACLE-L
> 
> 
> Our security folks just sent me this.
> 
> Ian MacGregor
> Stanford Linear Accelerator Center
> [EMAIL PROTECTED] 
> 
> -Original Message-
> Sent: Tuesday, September 30, 2003 1:35 PM
> To: [EMAIL PROTECTED]
> 
> 
> I've posted the presentation I gave at OracleWorld last month. This
> presentation covers writing secure code in Oracle databases and Oracle
> Application Server. The topics covered include:
> 
> Managing state
> Query parameters
> Hidden fields
> Cookies
> Cross-site scripting
> SQL Injection
> PL/SQL Injection
> Buffer overflows in EXTPROC
> Resources
> 
> You can download the presentation at
> http://www.appsecinc.com/techdocs/presentations.html under the heading
> "Writing Secure Code in Oracle Presentation".
> 
> I welcome comments and criticisms.
> 
> Regards,
> Aaron
> ___
> Aaron C. Newman
> CTO/Founder
> Application Security, Inc.
> www.appsecinc.com
> Phone: 212-420-9270
> Fax: 212-420-9680
> - Securing Business by Securing Enterprise Applications -
> 
> 
> Sent: Friday, October 24, 2003 10:14 AM
> To: Multiple recipients of list ORACLE-L
> 
> 
> We are an Application Service Provider--we maintain a set of servers in
> a colocation facility and our customers use our application via the
> Web.  Security is a paramount concern, of course, and only our Web
> server has a public IP address, with the application and database
> servers completely private. 
> 
> We supply a number of standard reports, but most of our customers want
> some custom reports as well.  We would like to give them access to our
> database, possibly over a VPN, but only if security can be maintained. 
> I'd like to know if anyone has faced such a situation, and what kind of
> configuration (network/firewall/VPN/Oracle Net) might make such access
> possible.
> 
> TIA,
> 
> 
> 
> =
> Paul Baumgartel
> Transcentive, Inc.
> www.transcentive.com
> 
> -- 
> Please see the official ORACLE-L FAQ: http://www.orafaq.net
> -- 
> Author: Paul Baumgartel
>   INET: [EMAIL PROTECTED]
> 
> Fat City Network Services-- 858-538-5051 http://www.fatcity.com
> San Diego, California-- Mailing list and web hosting services
> -
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from).  You may
> also send the HELP command for o

Re: VPN to database?

2003-10-24 Thread Mladen Gogala
Paul, our favorite health care company (we both used to work there)
is using Cisco VPN with SecurID tokens to grant remote access.
Once you log in, you are a part of the LAN and can use tnsnames.ora on
your local machine to connect to the PULSE database. No adjustments are
needed on the Oracle side, but one needs to have the RSA token and
Cisco VPN client to connect. I must say that the whole thing worked
remarkably well and was sometimes even faster than the local LAN (I
have cable modem).

On 10/24/2003 11:14:26 AM, Paul Baumgartel wrote:
> We are an Application Service Provider--we maintain a set of servers in
> a colocation facility and our customers use our application via the
> Web.  Security is a paramount concern, of course, and only our Web
> server has a public IP address, with the application and database
> servers completely private.
>
> We supply a number of standard reports, but most of our customers want
> some custom reports as well.  We would like to give them access to our
> database, possibly over a VPN, but only if security can be maintained.
> I'd like to know if anyone has faced such a situation, and what kind of
> configuration (network/firewall/VPN/Oracle Net) might make such access
> possible.
>
> TIA,
>
> =
> Paul Baumgartel
> Transcentive, Inc.
> www.transcentive.com

Mladen Gogala
Oracle DBA




RE: VPN to database?

2003-10-24 Thread DENNIS WILLIAMS
Todd
   I like your "magical way". Isn't that the goal with all technology
including databases? To the users it just magically works, but we elves down
in the boiler room have to make the magic. If you do a great job they never
know you're there.
   Well with a last name like yours -- hey! Where I used to work a senior
manager was Spanish and his first name was Jesus (pronounced He-sus), and
you never thought about it till you came back from lunch to find a note on
your desk:
  Dennis
  Come see me.
  Jesus

Dennis Williams
DBA
Lifetouch, Inc.
[EMAIL PROTECTED] 


-Original Message-
Sent: Friday, October 24, 2003 5:09 PM
To: Multiple recipients of list ORACLE-L


I don't know.  After hearing the explanation, it very well may be.

Our network guy is out (honeymoon).  And my experience w/ VPN is
slim.  For some reason I never considered it to be "just another
protocol" but rather to be a magical way that I could just
appear to be on the local net to all these machines.

I'll suggest the ssh tunnelling option.  

Todd Boss (sorry, I sometimes get colloquial and just sign my last name)

> 
> Boss
> Is this a firewall issue?
> 
> Dennis Williams
> DBA
> Lifetouch, Inc.
> [EMAIL PROTECTED] 
> 
> -Original Message-
> Sent: Friday, October 24, 2003 10:45 AM
> To: Multiple recipients of list ORACLE-L
> 
> 
> I can tell you right now, I'm VPN'd to a client overseas and have
> NOT been able to get OCI to work over the protocol.  I can telnet/ssh
> to the machine where the Oracle server runs (it's Solaris) and work
> via a sql*plus window, but nothing runs locally (i.e., Toad or Windows
> version of sql*plus connected to the remote server).
> 
> If there's some secret to making OCI work over VPN, we were not able
> to find it.
> 
> boss
> 
> > 
> > We are an Application Service Provider--we maintain a set of servers in
> > a colocation facility and our customers use our application via the
> > Web.  Security is a paramount concern, of course, and only our Web
> > server has a public IP address, with the application and database
> > servers completely private. 
> > 
> > We supply a number of standard reports, but most of our customers want
> > some custom reports as well.  We would like to give them access to our
> > database, possibly over a VPN, but only if security can be maintained. 
> > I'd like to know if anyone has faced such a situation, and what kind of
> > configuration (network/firewall/VPN/Oracle Net) might make such access
> > possible.
> > 
> > TIA,
> > 
> > 
> > 
> > =
> > Paul Baumgartel
> > Transcentive, Inc.
> > www.transcentive.com
> > 

Re: VPN to database?

2003-10-24 Thread Todd Boss
I don't know.  After hearing the explanation, it very well may be.

Our network guy is out (honeymoon).  And my experience w/ VPN is
slim.  For some reason I never considered it to be "just another
protocol" but rather to be a magical way that I could just
appear to be on the local net to all these machines.

I'll suggest the ssh tunnelling option.  

Todd Boss (sorry, I sometimes get colloquial and just sign my last name)

> 
> Boss
> Is this a firewall issue?
> 
> Dennis Williams
> DBA
> Lifetouch, Inc.
> [EMAIL PROTECTED] 
> 
> -Original Message-
> Sent: Friday, October 24, 2003 10:45 AM
> To: Multiple recipients of list ORACLE-L
> 
> 
> I can tell you right now, I'm VPN'd to a client overseas and have
> NOT been able to get OCI to work over the protocol.  I can telnet/ssh
> to the machine where the Oracle server runs (it's Solaris) and work
> via a sql*plus window, but nothing runs locally (i.e., Toad or Windows
> version of sql*plus connected to the remote server).
> 
> If there's some secret to making OCI work over VPN, we were not able
> to find it.
> 
> boss
> 
> > 
> > We are an Application Service Provider--we maintain a set of servers in
> > a colocation facility and our customers use our application via the
> > Web.  Security is a paramount concern, of course, and only our Web
> > server has a public IP address, with the application and database
> > servers completely private. 
> > 
> > We supply a number of standard reports, but most of our customers want
> > some custom reports as well.  We would like to give them access to our
> > database, possibly over a VPN, but only if security can be maintained. 
> > I'd like to know if anyone has faced such a situation, and what kind of
> > configuration (network/firewall/VPN/Oracle Net) might make such access
> > possible.
> > 
> > TIA,
> > 
> > 
> > 
> > =
> > Paul Baumgartel
> > Transcentive, Inc.
> > www.transcentive.com
> > 


RE: VPN to database?

2003-10-24 Thread DENNIS WILLIAMS
Paul - We have some of the similar issues here (network/firewall/VPN/Oracle
Net). Based on your description of your business, you probably have some
competent network engineers on staff. My experience is that they routinely
handle issues like this, and you probably won't need to get involved in the
actual configuration. However, you should educate yourself in the security
issues involved so you can participate intelligently in any discussions from
the database point of view. As a starter, I am including two recent
excellent postings to this list from Tim Gorman and Ian MacGregor. Just
scroll down.

Dennis Williams
DBA
Lifetouch, Inc.
[EMAIL PROTECTED] 

Sent: Thursday, August 07, 2003 10:25 AM
To: Multiple recipients of list ORACLE-L


Sandro,

There is an excellent book on "Oracle Security" available online from
"http://www.sans.org".  Concise, organized, and prioritized.  Also, Newman
and Theriault's "Oracle Security Handbook" from Oracle Press is chock full
of common sense...

Not sure what the question about "automating the migration of stored
procedures" refers to.  Could you provide more information?  I don't think I
understand the problem...

Storing password files on the database server is mainly an exercise in
ensuring that OS security and file permissions are properly implemented.  If you
cannot ensure that OS files are properly secured, then the entire Oracle
database is at risk, not to mention files containing clear-text passwords.
After all, one can view data within datafiles using programs other than the
Oracle RDBMS...

The idea of creating production schemas/logins to separate object ownership
from application/end-user access is excellent.  To avoid using synonyms,
consider the functionality of the "ALTER SESSION SET CURRENT_SCHEMA =
" command being executed in an AFTER LOGON trigger in all
accounts used for end-user access.  It is a little-known but wonderfully
manageable bit of functionality...

Hope this helps...

-Tim
-Original Message-
Sent: Wednesday, October 01, 2003 5:19 PM
To: Multiple recipients of list ORACLE-L


Our security folks just sent me this.

Ian MacGregor
Stanford Linear Accelerator Center
[EMAIL PROTECTED] 

-Original Message-
Sent: Tuesday, September 30, 2003 1:35 PM
To: [EMAIL PROTECTED]


I've posted the presentation I gave at OracleWorld last month. This
presentation covers writing secure code in Oracle databases and Oracle
Application Server. The topics covered include:

Managing state
Query parameters
Hidden fields
Cookies
Cross-site scripting
SQL Injection
PL/SQL Injection
Buffer overflows in EXTPROC
Resources

You can download the presentation at
http://www.appsecinc.com/techdocs/presentations.html under the heading
"Writing Secure Code in Oracle Presentation".

I welcome comments and criticisms.

Regards,
Aaron
___
Aaron C. Newman
CTO/Founder
Application Security, Inc.
www.appsecinc.com
Phone: 212-420-9270
Fax: 212-420-9680
- Securing Business by Securing Enterprise Applications -


Sent: Friday, October 24, 2003 10:14 AM
To: Multiple recipients of list ORACLE-L


We are an Application Service Provider--we maintain a set of servers in
a colocation facility and our customers use our application via the
Web.  Security is a paramount concern, of course, and only our Web
server has a public IP address, with the application and database
servers completely private. 

We supply a number of standard reports, but most of our customers want
some custom reports as well.  We would like to give them access to our
database, possibly over a VPN, but only if security can be maintained. 
I'd like to know if anyone has faced such a situation, and what kind of
configuration (network/firewall/VPN/Oracle Net) might make such access
possible.

TIA,



=
Paul Baumgartel
Transcentive, Inc.
www.transcentive.com

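
Tim Gorman's suggestion in the forwarded posting above (keep object ownership in one schema, give end users separate logins, and use an AFTER LOGON trigger with ALTER SESSION SET CURRENT_SCHEMA instead of synonyms), written out as an added example that is not part of the original posts. APP_OWNER, REPORT_READER, REPORT_USER, the ORDERS table and the password are hypothetical placeholders, and the script assumes APP_OWNER.ORDERS already exists and that it is run from a DBA account.

```sql
-- Added illustration, not code from the thread.
-- Hypothetical names: APP_OWNER (object owner), REPORT_READER (role),
-- REPORT_USER (customer reporting login), ORDERS (a table owned by APP_OWNER).
-- Run as a DBA account; APP_OWNER.ORDERS is assumed to exist already.

-- 1. A role that carries only what the reporting login needs.
CREATE ROLE report_reader;
GRANT SELECT ON app_owner.orders TO report_reader;

-- 2. The end-user login: it may connect and read, and it owns no objects.
CREATE USER report_user IDENTIFIED BY "replace-this-placeholder";
GRANT CREATE SESSION TO report_user;
GRANT report_reader  TO report_user;

-- 3. Logon trigger that points name resolution at the owning schema.
--    Created unqualified, so it is owned by the DBA account running this
--    script and REPORT_USER cannot drop or disable it.
CREATE OR REPLACE TRIGGER report_user_set_schema
  AFTER LOGON ON report_user.SCHEMA
BEGIN
  EXECUTE IMMEDIATE 'ALTER SESSION SET CURRENT_SCHEMA = APP_OWNER';
END;
/

-- 4. Checks to run in a fresh REPORT_USER session.

-- The login identity is unchanged; only the default schema differs.
SELECT SYS_CONTEXT('USERENV', 'SESSION_USER')   AS session_user,
       SYS_CONTEXT('USERENV', 'CURRENT_SCHEMA') AS current_schema
FROM   dual;

-- The unqualified name now resolves to APP_OWNER.ORDERS, with no synonym.
SELECT COUNT(*) FROM orders;

-- CURRENT_SCHEMA changes name resolution only, not privileges:
-- this statement fails with an insufficient-privileges error because
-- REPORT_READER was granted SELECT and nothing else.
DELETE FROM orders;

-- 5. Periodic review from the DBA account: everything the role can touch.
SELECT owner, table_name, privilege
FROM   dba_tab_privs
WHERE  grantee = 'REPORT_READER'
ORDER  BY owner, table_name, privilege;
```

Because the trigger grants nothing by itself, the review query in step 5 remains the authoritative list of what a customer reporting login can read.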

RE: VPN to database?

2003-10-24 Thread Goulet, Dick
Jared,

I'm no network guru, so take this with a ton of salt, but this is how I
believe our network admin has it set up.  The VPN tunnel comes in thru the outer
firewall on a specific port to the vpn server in the DMZ.  The vpn server then spreads
the ports out as needed to the inner firewall which opens up all ports on the inside
to that one server/ip address.  Therefore from the application's point of view the
inside of the firewall looks the same whether you're connected directly on the local lan
or coming in via VPN.  And if it's that simple, I'm going to be greatly surprised.  But
I will point out that if the vpn security stuff is not set up just right or gets
disturbed the whole thing shuts down better than a clam.

Dick Goulet
Senior Oracle DBA
Oracle Certified 8i DBA

-Original Message-
Sent: Friday, October 24, 2003 5:14 PM
To: Multiple recipients of list ORACLE-L


You're going through a firewall that allows port 22 to go
through and connect to your ssh daemon via the VPN.

Port 15xx is likely being blocked, as well as the range
of ports used to create the sqlnet connections.

I'm not a security guru, but I doubt that the firewall admins
are opening all the ports just because you're connecting
via VPN.  

I also connect through a VPN, but the only ways I know of
to connect from my local apps to a database behind the firewall
is to open up some ports ( probably won't fly ) or tunnel
the sqlnet in via ssh.

Jared


On Fri, 2003-10-24 at 13:19, Todd Boss wrote:
> No, but (and forgive me for asking) why does that matter?
> 
> Is sqlnet tunneling important for security reasons, or important
> for connectivity?  I'm able to telnet to the box straight away.
> 
> I figured that, once VPN was connected, I'd be able to run whatever
> applications I wanted locally.  After not being able to get
> any Oracle client to connect, I wondered if VPN had the capability
> to transmit anything but the "lowest" level of tcp/ip protocols.
> 
> boss
> 
> > 
> > 
> > Are you tunneling sqlnet through ssh?
> > 
> > http://www.akadia.com/services/ssh_install_and_use.html
> > 
> > On Fri, 2003-10-24 at 08:44, Todd Boss wrote:
> > > I can tell you right now, I'm VPN'd to a client overseas and have
> > > NOT been able to get OCI to work over the protocol.  I can telnet/ssh
> > > to the machine where the Oracle server runs (it's Solaris) and work
> > > via a sql*plus window, but nothing runs locally (i.e., Toad or Windows
> > > version of sql*plus connected to the remote server).
> > > 
> > > If there's some secret to making OCI work over VPN, we were not able
> > > to find it.
> > > 
> > > boss
> > > 
> > > > 
> > > > We are an Application Service Provider--we maintain a set of servers in
> > > > a colocation facility and our customers use our application via the
> > > > Web.  Security is a paramount concern, of course, and only our Web
> > > > server has a public IP address, with the application and database
> > > > servers completely private. 
> > > > 
> > > > We supply a number of standard reports, but most of our customers want
> > > > some custom reports as well.  We would like to give them access to our
> > > > database, possibly over a VPN, but only if security can be maintained. 
> > > > I'd like to know if anyone has faced such a situation, and what kind of
> > > > configuration (network/firewall/VPN/Oracle Net) might make such access
> > > > possible.
> > > > 
> > > > TIA,
> > > > 
> > > > 
> > > > 
> > > > =
> > > > Paul Baumgartel
> > > > Transcentive, Inc.
> > > > www.transcentive.com
> > > > 

Re: VPN to database?

2003-10-24 Thread Jared Still
You're going through a firewall that allows port 22 to go
through and connect to your ssh daemon via the VPN.

Port 15xx is likely being blocked, as well as the range
of ports used to create the sqlnet connections.

I'm not a security guru, but I doubt that the firewall admins
are opening all the ports just because you're connecting
via VPN.  

I also connect through a VPN, but the only ways I know of
to connect from my local apps to a database behind the firewall
is to open up some ports ( probably won't fly ) or tunnel
the sqlnet in via ssh.

Jared


On Fri, 2003-10-24 at 13:19, Todd Boss wrote:
> No, but (and forgive me for asking) why does that matter?
> 
> Is sqlnet tunneling important for security reasons, or important
> for connectivity?  I'm able to telnet to the box straight away.
> 
> I figured that, once VPN was connected, I'd be able to run whatever
> applications I wanted locally.  After not being able to get
> any Oracle client to connect, I wondered if VPN had the capability
> to transmit anything but the "lowest" level of tcp/ip protocols.
> 
> boss
> 
> > 
> > 
> > Are you tunneling sqlnet through ssh?
> > 
> > http://www.akadia.com/services/ssh_install_and_use.html
> > 
> > On Fri, 2003-10-24 at 08:44, Todd Boss wrote:
> > > I can tell you right now, I'm VPN'd to a client overseas and have
> > > NOT been able to get OCI to work over the protocol.  I can telnet/ssh
> > > to the machine where the Oracle server runs (it's Solaris) and work
> > > via a sql*plus window, but nothing runs locally (i.e., Toad or Windows
> > > version of sql*plus connected to the remote server).
> > > 
> > > If there's some secret to making OCI work over VPN, we were not able
> > > to find it.
> > > 
> > > boss
> > > 
> > > > 
> > > > We are an Application Service Provider--we maintain a set of servers in
> > > > a colocation facility and our customers use our application via the
> > > > Web.  Security is a paramount concern, of course, and only our Web
> > > > server has a public IP address, with the application and database
> > > > servers completely private. 
> > > > 
> > > > We supply a number of standard reports, but most of our customers want
> > > > some custom reports as well.  We would like to give them access to our
> > > > database, possibly over a VPN, but only if security can be maintained. 
> > > > I'd like to know if anyone has faced such a situation, and what kind of
> > > > configuration (network/firewall/VPN/Oracle Net) might make such access
> > > > possible.
> > > > 
> > > > TIA,
> > > > 
> > > > 
> > > > 
> > > > =
> > > > Paul Baumgartel
> > > > Transcentive, Inc.
> > > > www.transcentive.com
> > > > 

Re: VPN to database?

2003-10-24 Thread Todd Boss
No, but (and forgive me for asking) why does that matter?

Is sqlnet tunneling important for security reasons, or important
for connectivity?  I'm able to telnet to the box straight away.

I figured that, once VPN was connected, I'd be able to run whatever
applications I wanted locally.  After not being able to get
any Oracle client to connect, I wondered if VPN had the capability
to transmit anything but the "lowest" level of tcp/ip protocols.

boss

> 
> 
> Are you tunneling sqlnet through ssh?
> 
> http://www.akadia.com/services/ssh_install_and_use.html
> 
> On Fri, 2003-10-24 at 08:44, Todd Boss wrote:
> > I can tell you right now, I'm VPN'd to a client overseas and have
> > NOT been able to get OCI to work over the protocol.  I can telnet/ssh
> > to the machine where the Oracle server runs (it's Solaris) and work
> > via a sql*plus window, but nothing runs locally (i.e., Toad or Windows
> > version of sql*plus connected to the remote server).
> > 
> > If there's some secret to making OCI work over VPN, we were not able
> > to find it.
> > 
> > boss
> > 
> > > 
> > > We are an Application Service Provider--we maintain a set of servers in
> > > a colocation facility and our customers use our application via the
> > > Web.  Security is a paramount concern, of course, and only our Web
> > > server has a public IP address, with the application and database
> > > servers completely private. 
> > > 
> > > We supply a number of standard reports, but most of our customers want
> > > some custom reports as well.  We would like to give them access to our
> > > database, possibly over a VPN, but only if security can be maintained. 
> > > I'd like to know if anyone has faced such a situation, and what kind of
> > > configuration (network/firewall/VPN/Oracle Net) might make such access
> > > possible.
> > > 
> > > TIA,
> > > 
> > > 
> > > 
> > > =
> > > Paul Baumgartel
> > > Transcentive, Inc.
> > > www.transcentive.com
> > > 
> > 
> 
> 
> 



Re: VPN to database?

2003-10-24 Thread Jared Still

Are you tunneling sqlnet through ssh?

http://www.akadia.com/services/ssh_install_and_use.html

On Fri, 2003-10-24 at 08:44, Todd Boss wrote:
> I can tell you right now, I'm VPN'd to a client overseas and have
> NOT been able to get OCI to work over the protocol.  I can telnet/ssh
> to the machine where the Oracle server runs (it's Solaris) and work
> via a sql*plus window, but nothing runs locally (i.e., Toad or Windows
> version of sql*plus connected to the remote server).
> 
> If there's some secret to making OCI work over VPN, we were not able
> to find it.
> 
> boss
> 
> > 
> > We are an Application Service Provider--we maintain a set of servers in
> > a colocation facility and our customers use our application via the
> > Web.  Security is a paramount concern, of course, and only our Web
> > server has a public IP address, with the application and database
> > servers completely private. 
> > 
> > We supply a number of standard reports, but most of our customers want
> > some custom reports as well.  We would like to give them access to our
> > database, possibly over a VPN, but only if security can be maintained. 
> > I'd like to know if anyone has faced such a situation, and what kind of
> > configuration (network/firewall/VPN/Oracle Net) might make such access
> > possible.
> > 
> > TIA,
> > 
> > 
> > 
> > =
> > Paul Baumgartel
> > Transcentive, Inc.
> > www.transcentive.com
> > 
> > 
> 




RE: VPN to database?

2003-10-24 Thread Goulet, Dick
No problem here, except that it's slower if you're expecting a ton of data.

Dick Goulet
Senior Oracle DBA
Oracle Certified 8i DBA

-Original Message-
Sent: Friday, October 24, 2003 11:45 AM
To: Multiple recipients of list ORACLE-L


I can tell you right now, I'm VPN'd to a client overseas and have
NOT been able to get OCI to work over the protocol.  I can telnet/ssh
to the machine where the Oracle server runs (it's Solaris) and work
via a sql*plus window, but nothing runs locally (i.e., Toad or Windows
version of sql*plus connected to the remote server).

If there's some secret to making OCI work over VPN, we were not able
to find it.

boss

> 
> We are an Application Service Provider--we maintain a set of servers in
> a colocation facility and our customers use our application via the
> Web.  Security is a paramount concern, of course, and only our Web
> server has a public IP address, with the application and database
> servers completely private. 
> 
> We supply a number of standard reports, but most of our customers want
> some custom reports as well.  We would like to give them access to our
> database, possibly over a VPN, but only if security can be maintained. 
> I'd like to know if anyone has faced such a situation, and what kind of
> configuration (network/firewall/VPN/Oracle Net) might make such access
> possible.
> 
> TIA,
> 
> 
> 
> =
> Paul Baumgartel
> Transcentive, Inc.
> www.transcentive.com
> 
> 



RE: VPN to database?

2003-10-24 Thread DENNIS WILLIAMS
Boss
   Is this a firewall issue?

Dennis Williams
DBA
Lifetouch, Inc.
[EMAIL PROTECTED] 

-Original Message-
Sent: Friday, October 24, 2003 10:45 AM
To: Multiple recipients of list ORACLE-L


I can tell you right now, I'm VPN'd to a client overseas and have
NOT been able to get OCI to work over the protocol.  I can telnet/ssh
to the machine where the Oracle server runs (it's Solaris) and work
via a sql*plus window, but nothing runs locally (i.e., Toad or Windows
version of sql*plus connected to the remote server).

If there's some secret to making OCI work over VPN, we were not able
to find it.

boss

> 
> We are an Application Service Provider--we maintain a set of servers in
> a colocation facility and our customers use our application via the
> Web.  Security is a paramount concern, of course, and only our Web
> server has a public IP address, with the application and database
> servers completely private. 
> 
> We supply a number of standard reports, but most of our customers want
> some custom reports as well.  We would like to give them access to our
> database, possibly over a VPN, but only if security can be maintained. 
> I'd like to know if anyone has faced such a situation, and what kind of
> configuration (network/firewall/VPN/Oracle Net) might make such access
> possible.
> 
> TIA,
> 
> 
> 
> =
> Paul Baumgartel
> Transcentive, Inc.
> www.transcentive.com
> 
> 

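A client-side check for the firewall question above, added here as an example and not part of the thread: it compares a TCP connect to the SSH port (which the poster reports works) with one to the Oracle Net listener port. Port 1521 is the conventional listener default and `db.example.internal` is a placeholder host; both are assumptions.

```python
import errno
import socket
import sys

SSH_PORT = 22          # assumption: sshd on its standard port
LISTENER_PORT = 1521   # assumption: Oracle Net listener on its conventional default


def probe(host, port, timeout=3.0):
    """Try one TCP connect and classify how the path answered."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"             # handshake completed
    except (socket.timeout, TimeoutError):
        return "filtered"         # nothing came back: packets dropped on the way
    except ConnectionRefusedError:
        return "refused"          # RST came back: host reachable, port closed or rejected
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"  # no route to the host through the tunnel
        return "error"            # DNS failure or another local problem
    finally:
        sock.close()


def diagnose(host, ssh_port=SSH_PORT, listener_port=LISTENER_PORT, timeout=3.0):
    """Compare the port that works (SSH) with the one the Oracle client needs."""
    ssh = probe(host, ssh_port, timeout)
    lsn = probe(host, listener_port, timeout)
    if lsn == "open":
        # Only proves TCP reachability; the listener may still reject the service.
        verdict = "listener port reachable: check Oracle Net config (tnsnames.ora, service name)"
    elif ssh == "open" and lsn == "filtered":
        verdict = "host reachable but listener port silently dropped: firewall or VPN policy likely"
    elif ssh == "open" and lsn == "refused":
        verdict = "listener port refused: listener down, on another port, or a reject rule"
    else:
        verdict = "neither port usable: routing or tunnel problem before any port filter"
    return {"ssh": ssh, "listener": lsn, "verdict": verdict}


if __name__ == "__main__":
    # Placeholder host name; pass the real database host as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "db.example.internal"
    result = diagnose(target)
    print("ssh      :", result["ssh"])
    print("listener :", result["listener"])
    print("verdict  :", result["verdict"])
```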


Re: VPN to database?

2003-10-24 Thread Todd Boss
I can tell you right now, I'm VPN'd to a client overseas and have
NOT been able to get OCI to work over the protocol.  I can telnet/ssh
to the machine where the Oracle server runs (it's Solaris) and work
via a sql*plus window, but nothing runs locally (i.e., Toad or Windows
version of sql*plus connected to the remote server).

If there's some secret to making OCI work over VPN, we were not able
to find it.

boss

> 
> We are an Application Service Provider--we maintain a set of servers in
> a colocation facility and our customers use our application via the
> Web.  Security is a paramount concern, of course, and only our Web
> server has a public IP address, with the application and database
> servers completely private. 
> 
> We supply a number of standard reports, but most of our customers want
> some custom reports as well.  We would like to give them access to our
> database, possibly over a VPN, but only if security can be maintained. 
> I'd like to know if anyone has faced such a situation, and what kind of
> configuration (network/firewall/VPN/Oracle Net) might make such access
> possible.
> 
> TIA,
> 
> 
> 
> =
> Paul Baumgartel
> Transcentive, Inc.
> www.transcentive.com
> 
> 



RE: VPN to database?

2003-10-24 Thread Goulet, Dick
We use VPN access for work at home & off hours support.  Typical configuration:

Client: Broadband internet access (Comcast or the like) with NetScreen VPN Client
Not sure what the firewall is.  2 & 3 tier clients work just spiffy.

Dick Goulet
Senior Oracle DBA
Oracle Certified 8i DBA

-Original Message-
Sent: Friday, October 24, 2003 11:14 AM
To: Multiple recipients of list ORACLE-L


We are an Application Service Provider--we maintain a set of servers in
a colocation facility and our customers use our application via the
Web.  Security is a paramount concern, of course, and only our Web
server has a public IP address, with the application and database
servers completely private. 

We supply a number of standard reports, but most of our customers want
some custom reports as well.  We would like to give them access to our
database, possibly over a VPN, but only if security can be maintained. 
I'd like to know if anyone has faced such a situation, and what kind of
configuration (network/firewall/VPN/Oracle Net) might make such access
possible.

TIA,



=
Paul Baumgartel
Transcentive, Inc.
www.transcentive.com



Re: VPN to database?

2003-10-24 Thread Jeff Herrick


We're doing it as I write this for a convention taking place
half-way across the country.

The setup is

Client: Browser (IE), Cisco VPN Client, Adobe Acrobat, JInitiator
Middle tier: 9iAS rel2 Forms and Reports Server on Win2K
Db tier: Oracle 8.1.7 on Win2K

All servers are on our private network. The only problem
we're experiencing is from sloppy network setup at the convention
center...we're dropping packets and the tunnel won't stay up. =8-(

But when the tunnel is up, the forms and reports work like
a charm since the addresses all resolve to hosts on the internal
network.

One problem we did run into was printing...they have an IP printer
set up on the convention sub-net and they are not able to print
to it while they have the tunnel up (of course). They have to
save the .PDF's, shut down the VPN client and then print.


Cheers

Jeff Herrick



On Fri, 24 Oct 2003, Paul Baumgartel wrote:

> We are an Application Service Provider--we maintain a set of servers in
> a colocation facility and our customers use our application via the
> Web.  Security is a paramount concern, of course, and only our Web
> server has a public IP address, with the application and database
> servers completely private.
>
> We supply a number of standard reports, but most of our customers want
> some custom reports as well.  We would like to give them access to our
> database, possibly over a VPN, but only if security can be maintained.
> I'd like to know if anyone has faced such a situation, and what kind of
> configuration (network/firewall/VPN/Oracle Net) might make such access
> possible.
>
> TIA,
>
>
>
> =
> Paul Baumgartel
> Transcentive, Inc.
> www.transcentive.com
>
>



VPN to database?

2003-10-24 Thread Paul Baumgartel
We are an Application Service Provider--we maintain a set of servers in
a colocation facility and our customers use our application via the
Web.  Security is a paramount concern, of course, and only our Web
server has a public IP address, with the application and database
servers completely private. 

We supply a number of standard reports, but most of our customers want
some custom reports as well.  We would like to give them access to our
database, possibly over a VPN, but only if security can be maintained. 
I'd like to know if anyone has faced such a situation, and what kind of
configuration (network/firewall/VPN/Oracle Net) might make such access
possible.

TIA,



=
Paul Baumgartel
Transcentive, Inc.
www.transcentive.com
