Home » RDBMS Server » Security » Security - What if a hacker reach to log on our middle-tier machine?
Security - What if a hacker reach to log on our middle-tier machine? [message #61335] Thu, 15 April 2004 05:50 Go to next message
Patrick Tahiri
Messages: 119
Registered: January 2004
Senior Member
Hi,

I would like to know how to protect my databases if a hacker could log on or come through on our web server environment?

I have a web server which is working as a middle-tier between our customers (via Internet) and our databases!

If a hacker can log on my web servers, he can use the info on the ODBC or JDBC to connect to my Oracle Databases and drop tables or corrupt my databases!! :(

How could I avoid someone who came through illegaly on my web server to connect further to my database servers?? Do you know different technics to reach this level of security?

Thank you for your help!

Regards,

Patrick Tahiri.
Re: Security - What if a hacker reach to log on our middle-tier machine? [message #61341 is a reply to message #61335] Thu, 15 April 2004 09:06 Go to previous messageGo to next message
Thiru
Messages: 1089
Registered: May 2002
Senior Member
Patrick,
have a look at this article Internet DB Security

-Thiru
Re: Security - What if a hacker reach to log on our middle-tier machine? [message #61354 is a reply to message #61341] Fri, 16 April 2004 01:21 Go to previous messageGo to next message
Patrick Tahiri
Messages: 119
Registered: January 2004
Senior Member
Thank you Thiru!!

Something else:
We have a web application server that use a connection string with the username and the password: is there a way to "hide" or encrypt the password so that only the compiled application can read the password??
What if I have a shell script containing a connection string? Is there a technique to hide and encrypt the connection string or part of it (for exemple only the password and the username..)?

Many thanks for your help!

Regards,

Patrick Tahiri.
Re: Security - What if a hacker reach to log on our middle-tier machine? [message #61380 is a reply to message #61354] Mon, 19 April 2004 13:06 Go to previous message
Thiru
Messages: 1089
Registered: May 2002
Senior Member
Patrick,
the passwords are encrypted by default,by Net8. But for encrypting the whole connection string,you will need to consider Advanced Security option.

-Thiru
Previous Topic: N-Tier Authentication (Oracle 8i)
Next Topic: password
Goto Forum:
  


Current Time: Tue Mar 19 05:06:31 CDT 2024