> On 9 Feb 2021, at 18:45, James Smith <j...@sanger.ac.uk> wrote:
> 
> It doesn't matter what db - and whether you wrap it in eval it is a problem 
> (postgres has a similar problem - the one with least problems is MySQL) - if 
> you have a secure environment where your databases are in a firewalled zone 
> it will happen to all of them... It's a nasty bit of networking - it does 
> mean our meant to be secure enterprise level apps running against Oracle are 
> less secure and less stable than the other apps we have (go figure!)…

20 years ago I had exactly this argument with Amex when we wanted to use it for 
payment on the site I then worked for.

They said put a firewall between the app and db layer.

I said it's a dedicated nic/vlan on both sides and the ONLY port that is open 
is the db - what is a firewall going to add to that?

Eventually they agreed.

Security people who say firewall firewall firewall will solve all your security 
issues (or even some of them) are useless.

Most of them do it by the book - which should in all cases just be the starting 
point.

Just my 2p

— 
C
