Re: Oracle Security Blasted

  • From: Ray Stell <stellr@xxxxxxxxxx>
  • To: oracle-l <oracle-l@xxxxxxxxxxxxx>
  • Date: Mon, 10 Oct 2005 12:03:12 -0400

How many here responded, in your house, wrt this thread?  Why/why not?

Oracle's security approach forces admins to rely on the firewall as
the last line of defense; as if apps should be allowed to be holey,
as if this is somebody else's problem.

Let me just say, I hate the fact that my firewall is the last line of
defense.  When it gets breached (not if), I'll want the app to be secure
and that will be a dba problem.  So, why should dba types not ping their
management to request Oracle Corp to get real?  An ounce of prevention...

Oracle Corp activity seems reminiscent of the old Steve Martin Watergate
routine, "What Nixon really needed was a banjo."  If you remember that
you have my sympathy.



On Fri, Oct 07, 2005 at 09:40:36AM -0700, MacGregor, Ian A. wrote:
> Our security officer sent me this.  
> 
> Title: David Litchfield writes an open letter to the security community 
> and Oracle customers
> Author: Pete Finnigan
> Source: Pete Finnigan's Oracle security weblog
> 
> Excerpt:
> 
> David is calling for Oracle customers to contact Oracle and demand a 
> better security service and those customers should demand fixes. Cesar's 
> comments mirror those of David with some comparisons to Microsoft a few 
> years ago and he also threatens to release a 0day remote exploit.
> 
> For complete article see:
> http://www.petefinnigan.com/weblog/archives/00000576.htm
> http://www.securityfocus.com/archive/1/412666/30/0/threaded
> http://www.argeniss.com/products.html
> 
> Ian MacGregor
> Stanford Linear Accelerator Center
> --
> //www.freelists.org/webpage/oracle-l
============================================================
Ray Stell  stellr@xxxxxx  (540) 231-4109  Tempus fugit  28^D