Re: Unwanted SQL Developer inverse connection storming

From: Hans Forbrich <fuzzy.graybeard_at_gmail.com>
Date: Tue, 09 Apr 2013 16:37:37 -0600
Message-ID: <51649831.1000405_at_gmail.com>



On 09/04/2013 3:45 PM, Wayne Smith wrote:
> While I don't buy a significant performance hit, the multitude of security
> implications make this feature a bad idea,

It might be a good idea to list some of the security implications to help Jeff get the business proposal in to expose a control to make this optional.

For example: an organization might log all outgoing traffic, such as the TNSPING request. The details of that log tell anyone looking at it that there is potentially an Oracle environment 'on that machine, at that port' and possibly 'using that SID or service name'. Industrial hackers pay for that kind of info.

/Hans

--
http://www.freelists.org/webpage/oracle-l
Received on Wed Apr 10 2013 - 00:37:37 CEST
