Hey Jared, > As for connecting to the internet, someone will have to explain > to me why this is such an issue. The data sent is innocuous AFAIK. Do you need to prove that to an auditor? I don't yet, but I'm curious... > How is is different that databases that email you an alert when > an alert log error is found? Or using UTL_SMTP to send email > from the database? Our email is internal. The security is setup to mitigate risk of external emails being sent should there be a breach. We're not (easily?) able to do that for outgoing http/ftp/rsync/etc. protocols. Bandwidth is another concern, albeit probably not much of one. Downgrade that one to "unknown/untested". My main concern that there didn't seem to be much in the way of detailed documentation on OCM's internals. It's a trust issue for me. And, frankly, given my experience with Oracle Corp's tools, that trust has not yet been earned. (they're trying real hard though with APEX, IMHO!) I also have not been shown any value for what seems to be a substantial amount of investigation and work on my end. We don't have many Oracle DBs. It just doesn't make good fiscal sense to me. Thoughts? Rich -- //www.freelists.org/webpage/oracle-l