1 2 Previous Next 17 Replies Latest reply on May 5, 2013 11:47 AM by Billy~Verreynne Go to original post
      • 15. Re: Secure Port for SqlDeveloper
        dont hak my post ;)

        Is sqldev an "allowed" tool for a secure database?

        Edited by: yxes2013 on 4.5.2013 17:26
        • 16. Re: Secure Port for SqlDeveloper
          yxes2013 wrote:
          dont hak my post ;)
          What does "hak" mean?
          Is sqldev an "allowed" tool for a secure database?
          Why would any tool be allowed or disallowed? If you care about what tool someone is using, you've designed your security inherently poorly.

          • 17. Re: Secure Port for SqlDeveloper
            sybrand_b wrote:

            Iptables is a pretty awful piece of software. Hard to understand, hard to manage, badly documented.
            The way I see it, the reason for that is that networks are complex. Dealing with network security is complex. Not because iptables itself the problem.

            To put it into an Oracle perspective. Kind of like a Java developer understanding SQL and then thinking he can DBA the database, as after all it contains SQL tables and runs SQL. So how hard can it be? So for us who are not real world and experienced network engineers, claiming that we should be able to easily understand and use iptables, would be like that Java developer claiming that SQL experience makes him capable of not only DBA an Oracle database, but also Oracle RAC, based on SQL experience.

            I think we need to acknowledge that network engineering is very technical and very complex - and we cannot simply claim to be able to deal with something like iptables on an extensive level. Blocking ports and subnets, allowing ports and subnets, are about the extent that a developer/DBA that understand networking is capable of when using iptables.
            It might do the job ok.
            But it's management is non-intuitive and a piece of black art.
            Heck, most people do not even understand how to tunnel using ssh. So no big surprise that iptables seems to be black art. I'm not going to claim I understand all of iptables capabilities and features - but I've used it as a standard firewall and a NAT firewall for some years now. And it is robust and does the job better than ok.

            If iptables complexity is an issue, then there are "abstraction" interfaces for it - like Shorewall.
            1 2 Previous Next