RE: xml access how to set up security access etc

  • From: Jeroen van Sluisdam <jeroen.van.sluisdam@xxxxxxxxxx>
  • To: "'oracle-l@xxxxxxxxxxxxx'" <oracle-l@xxxxxxxxxxxxx>
  • Date: Thu, 13 May 2004 08:33:13 +0200

I meant that we have a supplier offering to be a new website, host this
website, makes a connection through the internet, passes a firewall in our
company, makes a connection to our backoffice.
We have to build the connection on the backoffice. Supplier wants to get in
through xml, build a translation webservice on our side extra that will call
the backoffice procedures through .net (probably something like odbc)

I need concrete arguments to convince management that 
a) better to build backoffice procedures in xml so you don't need the
translation service built by the supplier
b) I need an application server to manage security
c) ....

Tnx,

Jeroen

-----Original Message-----
From: Justin Cave (DDBC) [mailto:jcave@xxxxxxxxxxx]
Sent: Wednesday, May 12, 2004 10:44 PM
To: oracle-l@xxxxxxxxxxxxx
Subject: RE: xml access how to set up security access etc


What do you mean "the supplier of the site takes care of security on his
side"?  Security needs to be implemented at both sides of this sort of setup
to prevent unauthorized people from submitting reservations to your system.
You also need to have a way to ensure that reservations are
non-repudiable, basically that you can prove that reservation requests
came from the supplier the message claims to come from.

I don't see how you can get close to this with just a database-- an
application server seems like an absolutely necessary component here. You'll
probably want to expose a web service to the internet that allows customers
to submit their XML request, validates it, and passes the request to the
database.  Opening up a connection to a database on the internet would
create pretty significant security concerns that would be, in my opinion,
impossible to address.  Plus, you want layers of security in this sort of
system, which necessitates extra tiers.

One note about your comment on wanting the application server for other
development purposes.  Since you will be deploying this application server
outside the intranet firewall in the DMZ, it won't be appropriate to deploy
internal-only applications there.  You would want an application server
inside the intranet firewall to handle those applications.

Justin Cave
Distributed Database Consulting, Inc. http://www.ddbcinc.com/askDDBC

-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx]
On Behalf Of Jeroen van Sluisdam
Sent: Wednesday, May 12, 2004 1:10 PM
To: 'oracle-l@xxxxxxxxxxxxx'
Subject: xml access how to set up security access etc

Hi,

I'm asked to give an opinion about how to connect an external internet site
to an Oracle database. The supplier of the site takes care of security on
his side, wants to connect via xml through the internet to a machine inside
our network new to be built translator service (.net) and from this
connection point probably will go through odbc or something to our
production environment.

I have proposed to write the interface on our site in xml with Oracle tools,
to set up Oracle application server on our side (I want to acquire and set
up this also for other developments). Supplier states this appserver is not
necessary. I say yes in order to manage security, performance. This
production database is used for internal and external reservation systems at
this time.

This new site is for suppliers to provide stock. Expected is the first year
up to 200 suppliers minimum. Widely spread during the day connections with
limited functionality (as far as I'm concerned). This 200 users possibly
goes up to 600 or 1000 next 2 years. I have already about 400 to 500 users
online through reservations systems (3 tier managed by Mts) and directly
about 100 2-tier users.

I need concrete do and don'ts concerning architecture about directly access
through xml with appserver or xml without appserver or .net. As far as I'm
concerned xml is open standard and everybody can compose xml messages
through an editor and yes we can implement quite some security in a firewall
but that's static, difficult to maintain and possibly dangerous because the
external site is not under our control. If you have experience in setting
this up and know something about the effort it takes please let me know. I
need more concrete arguments to state my proposal because I need the
investment approved.

Thanks a lot for your response,

Regards,

Jeroen

----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to:  oracle-l-request@xxxxxxxxxxxxx put
'unsubscribe' in the subject line.
--
Archives are at //www.freelists.org/archives/oracle-l/
FAQ is at //www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------
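
The gateway tier described in Justin Cave's reply above (authenticate the sender, validate the XML, then pass it to the database), as an added Python example that is not part of the original thread. The supplier ID, shared key, `stockOffer` message layout and the SQLite stand-in for the back-office database are assumptions; an HMAC authenticates the supplier, while the non-repudiation mentioned in the reply would need a per-supplier asymmetric signature instead.

```python
import hashlib
import hmac
import re
import sqlite3
import xml.etree.ElementTree as ET

# Constructed demo data: per-supplier secrets known only to gateway and supplier.
SUPPLIER_KEYS = {"supplier-001": b"constructed-demo-secret"}
ITEM_RE = re.compile(r"[A-Z0-9-]{1,20}")
QTY_RE = re.compile(r"[0-9]{1,5}")

class Rejected(Exception):
    """Request refused in the gateway tier, before any database call."""

def new_db():
    """In-memory SQLite standing in for the back-office database (assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE stock_offer (supplier TEXT, item TEXT, quantity INTEGER)")
    return db

def sign(supplier_id, body):
    """MAC the supplier computes over the exact bytes it sends."""
    return hmac.new(SUPPLIER_KEYS[supplier_id], body, hashlib.sha256).hexdigest()

def validate(supplier_id, body, signature):
    if len(body) > 4096:
        raise Rejected("body too large")
    if supplier_id not in SUPPLIER_KEYS:
        raise Rejected("unknown supplier")
    if not hmac.compare_digest(sign(supplier_id, body).encode(), signature.encode()):
        raise Rejected("bad signature")
    # NUL bytes indicate UTF-16, which would hide a DTD from the byte check.
    if b"\x00" in body or b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        raise Rejected("DTD or UTF-16 body not allowed")
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        raise Rejected("malformed XML") from None
    if root.tag != "stockOffer" or [c.tag for c in root] != ["item", "quantity"]:
        raise Rejected("unexpected structure")
    item, qty = root[0].text or "", root[1].text or ""
    if not ITEM_RE.fullmatch(item) or not QTY_RE.fullmatch(qty):
        raise Rejected("field out of range")
    return supplier_id, item, int(qty)

def submit(db, supplier_id, body, signature):
    row = validate(supplier_id, body, signature)
    # Bound parameters only: supplier XML never becomes part of the SQL text.
    db.execute("INSERT INTO stock_offer VALUES (?, ?, ?)", row)
    return row
```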

