From: "Jens Kristian Søgaard" <[EMAIL PROTECTED]>
> If you choose to do authentication based purely on the source ip-address,
> you'll need to worry about spoofing attacks. It would be better to use
both
> the source ip-address and a password on the database.
This is what I plan on doing, as it seems to be the simplest implimentation.
The data is read-only from the web, so I'm not overly concerned about
sniffing. My only concern with spoofing attacks would be denial of service
on the oracle server (which is mission critical).
> Probably the best method would be to use an encrypted SSH tunnel using RSA
> authentication. It should be quite easy to setup such a tunnel from one
port
> on the remote server to the Oracle server on the NT box.
I agree, this would be the best solution, but I am worried about costs.
Doesn't NT have some kind of IPsec/tunneling protocols built in? Could I use
these in conjunction with open source software on my cobalt to do tunneling?
I'd appreciate someone pointing me in the right direction, with maybe a
link.
Kevin
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
