[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] oracle web site / database security
- Subject: Re: [cobalt-security] oracle web site / database security
- From: "Kevin D" <kdlists@xxxxxxxxxxxxxxx>
- Date: Fri, 13 Apr 2001 16:09:42 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
From: "Jens Kristian Søgaard" <jens@xxxxxxxxxxxxxxxxxxxx>
> If you choose to do authentication based purely on the source ip-address,
> you'll need to worry about spoofing attacks. It would be better to use
both
> the source ip-address and a password on the database.
This is what I plan on doing, as it seems to be the simplest implimentation.
The data is read-only from the web, so I'm not overly concerned about
sniffing. My only concern with spoofing attacks would be denial of service
on the oracle server (which is mission critical).
> Probably the best method would be to use an encrypted SSH tunnel using RSA
> authentication. It should be quite easy to setup such a tunnel from one
port
> on the remote server to the Oracle server on the NT box.
I agree, this would be the best solution, but I am worried about costs.
Doesn't NT have some kind of IPsec/tunneling protocols built in? Could I use
these in conjunction with open source software on my cobalt to do tunneling?
I'd appreciate someone pointing me in the right direction, with maybe a
link.
Kevin