Oracle-L: Re[2]: [Q] security between Cold fusion and oracle database?

From: <dgoulet_at_vicr.com>
Date: Tue, 27 Aug 2002 06:23:29 -0800
Message-ID: <F001.004C0349.20020827062329@fatcity.com>

Take a close look at your firewall software. Many vendors have an Oracle SQL*Net configuration that will only allow a SQL*Net connection on the port of choice. This I have seen is rather effective as a telnet request is rejected quickly.

Dick Goulet

____________________Reply Separator____________________
Author: Peter.McLarty_at_mincom.com
Date:       8/26/2002 8:38 PM

Basic firewall rule
make sure your firewall rules only allow trusted servers to access ports or in this case make sure the host that is the coldfusion server is the only one allowed to connect on that port.

and changing the port to a non default value will assist. it is no guarantee of security. It will just take them a lot longer to work out what is on the other side of the firewall at that port.

Cheers

Peter McLarty               E-mail: Peter.Mclarty_at_mincom.com
Technical Consultant        WWW: http://www.mincom.com
APAC Technical Services     Phone: +61 (0)7 3303 3461
Brisbane,  Australia        Mobile: +61 (0)402 094 238
                            Facsimile: +61 (0)7 3303 3048
=================================================

A great pleasure in life is doing what people say you cannot do.

Walter Bagehot (1826-1877 British Economist)
Mincom "The People, The Experience, The Vision"

This transmission is for the intended addressee only and is confidential information. If you have received this transmission in error, please delete it and notify the sender. The contents of this e-mail are the opinion of the writer only and are not endorsed by the Mincom Group of companies unless expressly stated otherwise.

"dist cash" <mccdba_at_hotmail.com>
Sent by: root_at_fatcity.com
27-08-2002 07:41 AM
Please respond to ORACLE-L

        To:     Multiple recipients of list ORACLE-L <ORACLE-L_at_fatcity.com>
        cc: 
        Fax to: 
        Subject:        [Q] security between Cold fusion and oracle database?

We have ORACLE 8.1.7 on NT server. users can through Internet Cold fusion server (with ODBC) access ORACLE database. Between Cold fusion server and ORACLE server their has firewall on it. The firewall only open port 1521 to allow ODBC access to ORACLE database. We are worry the hacker may hack into ORACLE database (even firewall their) and plan to change port from 1521 to XXXX. Is this way improve security?

We are NOT plan to buy ORACLE advance security module. Does their has other way to improve security between Cold fusion server to ORACLE server?

Thanks.

Chat with friends online, try MSN Messenger: http://messenger.msn.com

--

Please see the official ORACLE-L FAQ: http://www.orafaq.com
--

Author: dist cash
INET: mccdba_at_hotmail.com

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists


--------------------------------------------------------------------

To REMOVE yourself from this mailing list, send an E-Mail message

to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).

--

Please see the official ORACLE-L FAQ: http://www.orafaq.com
--

Author:
INET: Peter.McLarty_at_mincom.com

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists


--------------------------------------------------------------------

To REMOVE yourself from this mailing list, send an E-Mail message

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists


--------------------------------------------------------------------

To REMOVE yourself from this mailing list, send an E-Mail message