> We are looking into the possibility of hosting our oracle in a Oracle > hosting company. What are the Security issues I should look into ?
You'll need a knowledgable company. If it has certified Oracle DBAs: good. But don't just go by that piece of paper, since DBAs are not always the most security minded people around. If you are able log into one of their databases using one of the standard oracle users, get out of there, try another company. Ask them about their security policies. What did they do to harden the standard install and why? Which edition (Standard, Enterprise?) do they use, what options do they have installed, and why? Which version are they running, and why. On what platform? Did they harden the operating system as well? Which patches did they install, and why? There are at least two vulnerabilities in Oracle 8i (8.1.5/8.1.6/8.1.7) that I am aware of: a denial of service attack and a buffer overflow condition that would allow an attacker to execute arbitrary code on the host system. Are they using one Oracle instance to host multiple customers or does each customer get their own instance? Do you get your own ORACLE_HOME? If so, you can finetune it to meet your security requirements. Do they offer SSL for communication with the database? Just a few things I can think of early in the morning. Have a look at Oracle's TechNet: http://technet.oracle.com/ Registration required, but free. Lots of info there. If you have access (me thinks you need to be certified partner or something similar) to it, try Oracle Metalink as well. Just my 25c :) Cya Jonathan
