On 7/24/06, Matthew Zito <mzito@xxxxxxxxxxx> wrote:
Bad things about this: There's a lot:
- All of your mission-critical traffic has to go through this bluelane box. If it goes down, your applications stop. If it gets too busy, it's a performance hit.
- If someone can connect "around" or not through the bluelane box, they can still hack the database
- The vast majority of database patches are not security patches, but stability patches - this solution does nothing for that.
- It doesn't protect against vulnerabilities that can be executed directly against the database from the server its running on
- If you're encrypting your traffic from your database clients to the database to improve enhanced security, the bluelane box cannot "see" inside the traffic (unless they're doing some very difficult and insecure engineering hoops internally, I'm not 100% sure)
All very good points - Thanks Matt.
Jared Still Certifiable Oracle DBA and Part Time Perl Evangelist
-- Jared Still Certifiable Oracle DBA and Part Time Perl Evangelist