"From: Eric Eigenfeld <ee @ hooked . net>
Date: Thu, 8 Dec 1994 22:51:37 -0800
Subject: SQL-Net across firewall
"What are the implications of allowing SQL*Net (or similar)
service across a firewall (tis fwtk)?"
In general, I'd think it could be catastrophic.
This would allow a person to, at the very least, query your databases.
At the very worst, they could gain DBA access, and
(a) rewrite your database with arbitrary data, or
(b) have your database generate checks to numbered
accounts in Switzerland, or
(c) totally erase it, forcing you to spend valuable
hours or days restoring it, or
(d) they could exercise options (b), (a), and (c),
in that order, the better to muddle the trail.
Having worked for both Oracle and Ingres, I can say that database security
is not a strong point in the design of most databases, and they tend to be
very trusting of networks and operating systems. (As well they should ...
it's enough work getting a high-level sort algorithm to work without
undertaking fixing all of the problems in the platform's OS and networking
infrastructure.)
-- richard
Pontius Pilate was politically correct. So was Benedict Arnold.
So was Mssr Quisling ...
richard childers san francisco, california pascal @ netcom . com