Arup,
Thanks for the info. Can you elaborate a little on your understanding
of how a client would connect their own reporting tool _directly_ to
our database?
Paul
- Arup Nanda <orarup_at_hotmail.com> wrote:
> Paul,
>
> We use Advanced Security. the product is pricey and difficult to
> setup; but
> once in place it's in solid footing.
>
> Advanced security does not replace VPN per se; it's purpose is
> slightly
> different and broader in scope. If you take VPN away, how do you
> suppose you
> will connect to the DB server, directly? Hardly. So, VPN _may_ be
> required
> regardless.
>
> Some of the uses of AS are (not exhaustive)
>
> 1. Encryption and Checksumming of Net8 connection between the db
> server and
> the app servers (and any other users connected to the db server
> directly).
> This is the bare minimum security manadated by HIPAA and
> unfortunately
> Oracle does not provide a solution as a part of the base product. You
> may
> not need it, though; since using intelligent subnets and using
> firewalls
> around the db servers can limit threats to an acceptable degree.
>
> 2. Single signon. We use it in our app servers (running IIS) where
> the
> authentication is done using certificates. Again, this is necessary
> due to
> the refusal of the Development group to introduce database userids
> and
> eliminate the application authentication.
>
> The second part can be addressed in a different way. Using an
> application
> user security model where the users supply their userid and password
> to the
> database for authentication will eliminate the need to have a Windows
> user
> to be authenticated. A simple mechanism will be to authenticate the
> user
> agaist the database as the very first step. If authentication fails,
> the app
> will not proceed further. This will eliminate the authentication of
> the user
> by Windows. This model has been in use on a different app here and
> works
> great; but on the other app, the manager insists on one
> authentication on
> Windows and then another on the database, hence single signon.
>
> HTH.
>
> Arup Nanda
> www.proligence.com
>
> ----- Original Message -----
> To: "Multiple recipients of list ORACLE-L" <ORACLE-L_at_fatcity.com>
> Sent: Friday, October 24, 2003 10:09 PM
>
>
> > Thanks, everyone, for your helpful responses.
> >
> > A talk with our Oracle sales droid has pointed me in the direction
> of
> > Oracle Advanced Security for authentication, encryption, and
> integrity.
> > Anyone have experience using this? We are considering using
> Entrust
> > SSL authentication as we already use Entrust to authenticate users
> of
> > our app. Would Advanced Security replace a VPN, or coexist with
> it?
> >
> >
> >
> > =====
> > Paul Baumgartel
> > Transcentive, Inc.
> > www.transcentive.com
> >
> > __________________________________
> > Do you Yahoo!?
> > The New Yahoo! Shopping - with improved product search
> > http://shopping.yahoo.com
> > --
> > Please see the official ORACLE-L FAQ: http://www.orafaq.net
> > --
> > Author: Paul Baumgartel
> > INET: treegarden_at_yahoo.com
> >
> > Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> > San Diego, California -- Mailing list and web hosting
> services
> >
> ---------------------------------------------------------------------
> > To REMOVE yourself from this mailing list, send an E-Mail message
> > to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> > the message BODY, include a line containing: UNSUB ORACLE-L
> > (or the name of mailing list you want to be removed from). You may
> > also send the HELP command for other information (like
> subscribing).
> >
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.net
> --
> Author: Arup Nanda
> INET: orarup_at_hotmail.com
>
> Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> San Diego, California -- Mailing list and web hosting services
> ---------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
Do you Yahoo!?
Exclusive Video Premiere - Britney Spears
http://launch.yahoo.com/promos/britneyspears/
--
Please see the official ORACLE-L FAQ: http://www.orafaq.net
--
Author: Paul Baumgartel
INET: treegarden_at_yahoo.com
Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
Received on Mon Oct 27 2003 - 11:19:57 CST
