Security issues exposing database SID?

From: McPeak, Matt (Consultant) <"McPeak,>
Date: Wed, 3 Apr 2019 19:15:17 +0000
Message-ID: <BN6PR04MB0547DC266355D361933FE9EEDD570_at_BN6PR04MB0547.namprd04.prod.outlook.com>

We are considering exposing a webservice both internally and externally.

For support reasons, we would like the response payload to include the database SID that the service is connected to. This makes it easier for us to debug issues in development environments where systems and services are not always pointing where they should be.

However, since the service may be exposed externally, we are concerned about the security ramifications of having our database SID known to the world.

What are the security risks of exposing your SID, if any?
Would using DBID (i.e., v$database.dbid) be better?

Thanks in advance!

Matt

--
http://www.freelists.org/webpage/oracle-l

Received on Wed Apr 03 2019 - 21:15:17 CEST

This message: [ Message body ]
Next message: Mark W. Farnham: "RE: Security issues exposing database SID?"
Previous message: Mladen Gogala: "Re: Cartesian joins"
Next in thread: Mark W. Farnham: "RE: Security issues exposing database SID?"
Maybe reply: Mark W. Farnham: "RE: Security issues exposing database SID?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message