Re: Connect to Oracle DB from Web
- From: "Richard Ji" <richard.c.ji@xxxxxxxxx>
- To: post.ethan@xxxxxxxxx
- Date: Sat, 25 Mar 2006 00:38:00 -0500
Ethan,
Not mean to be picky or anything, but your subject says connect to
Oracle from web, while inside you said from the web server. There is
quite a difference here. From the web server is just one or few
servers but from the web means any IPs. Web server usually sits in a
DMZ zone (google on DMZ will give you a lot of information) and there
is usally a firewall between web server (since it most subject to
hacking) and the rest like DB. In that case, opening only port 1521
for the DB server to allow web server to connect will suffice. If
they have an applet that needs to connect to DB. Since applet are
generally only allowed to be connect back to the server which it came
from, in this case it's the web server. You should look into Oracle
connection manager. Or signed the applet so it can connect directly
back to DB.
HTH
Richard Ji
On 3/24/06, Ethan Post <post.ethan@xxxxxxxxx> wrote:
>
> I know there has been some discussion here in the past regarding what you
> need to do to your firewall to allow connections from the web server to an
> Oracle database. I have a situation where someone is requesting this. I have
> advised that this is likely not a good idea since I *think* you have to
> pretty much open up the firewall for all traffic to achieve this. However, I
> have not stayed up on this and have never been very good at it, so can
> anyone point me to some security papers etc...that would talk about the whys
> and why nots of allowing direct public web access to the DB. Perhaps
> something that explains the *mechanics* that make going through a midtier
> safer?
>
>
> - Ethan
--
//www.freelists.org/webpage/oracle-l
Other related posts:
