I still get questions why I need privs to install Oracle software. My answer is" if you want it installed without privs talk to Oracle, until then, that's what I need" I'm not well liked;-) sent from my Windows Phone Bill"shrek" thater Oracle DBA Shrekdba@xxxxxxxxx "one ping to rule them all One ping to find them One ping to bring them all And in the mutex bind them!" ------------------------------ From: Nuno Souto Sent: 1/16/2014 2:42 AM Cc: Oracle L Subject: Re: Question re security On 16/01/2014 5:49 PM, david@xxxxxxxxxxxxxxxxxxxx wrote: Thanks! Good to see my opinion is shared by someone. The problem is when kids with no experience whatsoever of running IT sites are given free hand in coming up with security strategies and such. I mean, when a network "expert" claims a database is not secure because the listener is not using the usual 1521 port and does not ask for a password upfront, the only comment I can possibly offer is: "go take an Oracle 101 and a network 101 course and AFTER that, let's see if you still think that way". -- Cheers Nuno Soutodbvision@xxxxxxxxxxxx >Who here has database servers, app servers, admin and dev workstations, >each in its own subnet (4 subnets), >with firewalls between each subnet, >all inside the company's intranet? >I'd just like to know why and what security expectations, imperatives, >constraints/conditions are being addressed/resolved by such a setup? It depends on what you’re trying to protect. If it’s nuclear launch codes then yes – defence in depth – which this config is a typical example of – is the way to go. If the data is a list of recipes for cupcakes though this would indeed be overkill :) Cheers, David