Hi We are redesigning our security framework in the usual manner, that is (from the outside in) a firewall, an app server zone and then an Oracle database zone. We have also proposed a "mixed" zone, or zones, that may hold our mainframe, Windows file services and possibly data marts - facilities that may have different security requirements from the highly secure operational databases. There are three types of clients attempting to enter our secure area: 1. web based services 2. authourized maintainers - sys admins, DBAs 3. client/server apps which all require different levels of control and access. Are there any documents or books anyone can recommend that discuss how best to handle security in such an environment. I am a DBA and I just want to have a better understanding of the issues. In the end I am only responsible for securing the database and the box's OS but I want to understand the larger issues. Thanks, Ben ---------------------------------------------------------------- Please see the official ORACLE-L FAQ: http://www.orafaq.com ---------------------------------------------------------------- To unsubscribe send email to: oracle-l-request@xxxxxxxxxxxxx put 'unsubscribe' in the subject line. -- Archives are at //www.freelists.org/archives/oracle-l/ FAQ is at //www.freelists.org/help/fom-serve/cache/1.html -----------------------------------------------------------------