RE: xml access how to set up security access etc

  • From: "Justin Cave (DDBC)" <jcave@xxxxxxxxxxx>
  • To: <oracle-l@xxxxxxxxxxxxx>
  • Date: Wed, 12 May 2004 14:44:23 -0600

What do you mean "the supplier of the site takes care of security on his
side"?  Security needs to be implemented at both sides of this sort of
setup to prevent unauthorized people from submitting reservations to
your system.  You also need to have a way to ensure that reservations
are non-repudiable, basically that you can prove that reservation
requests came from the supplier the message claims to come from.

I don't see how you can get close to this with just a database-- an
application server seems like an absolutely necessary component here.
You'll probably want to expose a web service to the internet that allows
customers to submit their XML request, validates it, and passes the
request to the database.  Opening up a connection to a database on the
internet would create pretty significant security concerns that would
be, in my opinion, impossible to address.  Plus, you want layers of
security in this sort of system, which necessitates extra tiers.

One note about your comment on wanting the application server for other
development purposes.  Since you will be deploying this application
server outside the intranet firewall in the DMZ, it won't be appropriate
to deploy internal-only applications there.  You would want an
application server inside the intranet firewall to handle those
applications.

Justin Cave
Distributed Database Consulting, Inc.
http://www.ddbcinc.com/askDDBC

-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Jeroen van Sluisdam
Sent: Wednesday, May 12, 2004 1:10 PM
To: 'oracle-l@xxxxxxxxxxxxx'
Subject: xml access how to set up security access etc

Hi,

I'm asked to give an opinion about how to connect an external internet
site to an Oracle database. The supplier of the site takes care of
security on his side, wants to connect via XML through the internet to a
machine inside our network (a new, to-be-built translator service in .NET),
and from this connection point it will probably go through ODBC or
something to our production environment.

I have proposed to write the interface on our site in XML with Oracle
tools, and to set up Oracle Application Server on our side (I want to
acquire and set this up also for other developments). The supplier states
this app server is not necessary. I say yes, in order to manage security
and performance. This production database is used for internal and external
reservation systems at this time.

This new site is for suppliers to provide stock. Expected in the first
year: up to 200 suppliers minimum, with connections widely spread during
the day and limited functionality (as far as I'm concerned). These
200 users possibly go up to 600 or 1000 in the next 2 years. I have already
about 400 to 500 users online through reservation systems
(3-tier, managed by Mts) and directly about 100 2-tier users.

I need concrete dos and don'ts concerning architecture about direct
access through XML with an app server, XML without an app server, or .NET.
As far as I'm concerned, XML is an open standard and everybody can compose
XML messages through an editor, and yes, we can implement quite some
security in a firewall, but that's static, difficult to maintain and
possibly dangerous because the external site is not under our control. If
you have experience in setting this up and know something about the effort
it takes, please let me know. I need more concrete arguments to state my
proposal because I need the investment approved.

Thanks a lot for your response,

Regards,

Jeroen

----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to:  oracle-l-request@xxxxxxxxxxxxx put
'unsubscribe' in the subject line.
--
Archives are at //www.freelists.org/archives/oracle-l/
FAQ is at //www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------
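
The reply above calls for a tier in front of the database that validates each XML request and can prove which supplier sent it. The following is an added sketch of that check, not code from the thread or from either poster. It assumes each supplier registers an Ed25519 public key and sends a detached signature with every message; the message schema, field limits and names (StockUpdate, Accept, Sample) are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"encoding/xml"
	"fmt"
)

// StockUpdate is a hypothetical message schema; the thread does not define one.
type StockUpdate struct {
	XMLName  xml.Name `xml:"stockUpdate"`
	Supplier string   `xml:"supplier,attr"`
	Item     string   `xml:"item"`
	Quantity int      `xml:"quantity"`
}

// Accept runs in the DMZ tier: authenticate the sender, then validate the content.
func Accept(keys map[string]ed25519.PublicKey, claimed string, body, sig []byte) (*StockUpdate, error) {
	pub, ok := keys[claimed]
	if !ok || !ed25519.Verify(pub, body, sig) {
		return nil, fmt.Errorf("no valid signature from registered supplier %q", claimed)
	}
	var m StockUpdate
	if err := xml.Unmarshal(body, &m); err != nil {
		return nil, fmt.Errorf("malformed XML: %w", err)
	}
	if m.Supplier != claimed {
		return nil, fmt.Errorf("body names supplier %q, signed by %q", m.Supplier, claimed)
	}
	if m.Item == "" || len(m.Item) > 32 || m.Quantity < 1 || m.Quantity > 100000 {
		return nil, fmt.Errorf("item or quantity outside allowed range")
	}
	return &m, nil // pass fields to the database as bind parameters only
}

// Sample registers a constructed key pair for supplier "ACME" and signs body with it.
func Sample(body string) (map[string]ed25519.PublicKey, []byte) {
	pub, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		panic(err)
	}
	return map[string]ed25519.PublicKey{"ACME": pub}, ed25519.Sign(priv, []byte(body))
}

func main() {
	body := `<stockUpdate supplier="ACME"><item>ROOM-101</item><quantity>5</quantity></stockUpdate>`
	keys, sig := Sample(body)
	_, err := Accept(keys, "ACME", []byte(body), sig)
	fmt.Println("genuine message error:", err)
}
```

Archiving the raw body together with its signature is what lets the receiving side later show that a given request came from the holder of that supplier's private key.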

