RE: Question re security

  • From: "Patterson, Joel" <jpatterson@xxxxxxxxxx>
  • To: "shrekdba@xxxxxxxxx" <shrekdba@xxxxxxxxx>, Nuno Souto <dbvision@xxxxxxxxxxxx>
  • Date: Thu, 16 Jan 2014 11:35:11 -0500

Not sure about this year, but the last few years, it was insisted to use a 
password with the listener.

No amount of docs or logic prevailed.

I never know what to expect.  Indeed the old faces are out and are replaced 
with new faces.  The new faces are now younger than the old faces... :)

Joel Patterson
Database Administrator
904 928-2790

From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On 
Behalf Of bill thater
Sent: Thursday, January 16, 2014 10:51 AM
To: Nuno Souto
Cc: Oracle L
Subject: RE: Question re security

I still get questions why I need privs to install Oracle software. My answer 
is: "if you want it installed without privs, talk to Oracle; until then, that's 
what I need." I'm not well liked ;-)

sent from my Windows Phone
Bill "shrek" thater  Oracle DBA
Shrekdba@xxxxxxxxx
"one ping to rule them all
One ping to find them
One ping to bring them all
And in the mutex bind them!"
________________________________
From: Nuno Souto
Sent: 1/16/2014 2:42 AM
Cc: Oracle L
Subject: Re: Question re security
On 16/01/2014 5:49 PM, david@xxxxxxxxxxxxxxxxxxxx wrote:

Thanks!  Good to see my opinion is shared by someone.
The problem is when kids with no experience whatsoever of running IT sites are 
given a free hand in coming up with security strategies and such.
I mean, when a network "expert" claims a database is not secure because the 
listener is not using the usual 1521 port and does not ask for a password 
upfront, the only comment I can possibly offer is:
"go take an Oracle 101 and a network 101 course and AFTER that, let's see if 
you still think that way".



--

Cheers

Nuno Souto

dbvision@xxxxxxxxxxxx



>Who here has database servers, app servers, admin and dev workstations,
>each in its own subnet (4 subnets),
>with firewalls between each subnet,
>all inside the company's intranet?

>I'd just like to know why and what security expectations, imperatives,
>constraints/conditions are being addressed/resolved by such a setup?

It depends on what you're trying to protect. If it's nuclear launch codes then 
yes - defence in depth - which this config is a typical example of - is the way 
to go. If the data is a list of recipes for cupcakes though this would indeed 
be overkill :)
Cheers,
David



--
Joel Patterson
Sr. Database Administrator | Enterprise Integration
Phone: 904-928-2790 | Fax: 904-733-4916
www.entint.com
