RE: 9ias Vs IIS

Thu, 29 Nov 2001 07:18:35 -0800 



Just do a search for "IIS security issues" on google, also check out
Gartner's web site. There was an article about a month ago where Gartner
actually recommended to stay away from IIS for shops that are not already
running it ...




"Sunny Verghese" <[EMAIL PROTECTED]> on 11/28/2001 11:03:37 PM

Please respond to [EMAIL PROTECTED]

To:   Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
cc:    (bcc: Val Gamerman/Victoria Financial)





Thanks for you inputs.
I'd like some concrete data on Security issues with IIS. Do you know of any
sites for this ??? You know how it is, I can't just go to management and
tell them that it's not very secure, I need to prove it with data (To make
this all the more interesting I'm contracting with a state agency right
now... you can imagine the managers there....... No offense to any State
"managers" in this group :-) !!!)
>From: [EMAIL PROTECTED]
>Reply-To: [EMAIL PROTECTED]
>To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
>Subject: RE: 9ias Vs IIS
>Date: Wed, 28 Nov 2001 15:00:26 -0800
>
>I'm not a web expert either ... we're just starting to look at
web-enabling
>our forms.
>
>But one big potential drawback to using IIS would be security issues.
It's
>the most-targeted and most-hacked server out there.  Someone will need to
>be
>applying patches constantly and hoping for the best.
>
>Ask the new guys when was the last time they had to deal with a
>security/hacker problem with your current 9iAS/Apache setup. :-)  Not that
>it can't be hacked ... but the hackers tend to focus on the easiest
target.
>
> > -----Original Message-----
> > From: Sunny Verghese [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, November 28, 2001 2:14 PM
> > To: Multiple recipients of list ORACLE-L
> > Subject: 9ias Vs IIS
> >
> >
> > Briefly, our current setup includes Web enabled forms (PL/SQL
> > Cartridges)
> > accessing an 8i database via 9ias (currently OAS 4.2 but will
> > be moving to
> > 9ias in a month). Btw, we also use ORACLE APPS (11i) using
> > the same Web
> > Server (apps and ias handled by another dba... thankfully :-) ......)
> >
> > For a new system (requirement : ability for customers to
> > upload files (xml,
> > fixed format text file or spreadsheet, or enter data via a
> > form. Need only
> > specific people to be able to upload these files. Files need to be
> > transmitted and saved securely...... Digital signature ?.
> > These files could
> > be required later (Law suit)) that we are looking at, a
> > couple of new guys
> > (who believe that the Sun rises and sets because of Microsoft
> > !!!!) are
> > proposing using IIS --> ASP --> OEMDB --> ORACLE database
> > (existint DB).
> > They also have a problem with IIS --> JSP --> JDBC --> ORACLE
> > DB (they claim
> > JSP would be an overhead on IIS and would slow it down)
> >
> > I don't know the web stuff well enough (Obviously :-) !!!) to
> > see the holes
> > (if any) in this approach. Their complaint is that 9ias is
> > slow (or in their
> > words, ORACLE should stay with databases and not get into the
> > Web server
> > world !!!)
> >
> > Opinions / Info that would help ?????
> >
> > Thanks,
> > Sunny
> >
> > _________________________________________________________________
> > Get your FREE download of MSN Explorer at
>http://explorer.msn.com/intl.asp
>
>--
>Please see the official ORACLE-L FAQ: http://www.orafaq.com
>--
>Author: Sunny Verghese
>   INET: [EMAIL PROTECTED]
>
>Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
>San Diego, California        -- Public Internet access / Mailing Lists
>--------------------------------------------------------------------
>To REMOVE yourself from this mailing list, send an E-Mail message
>to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
>the message BODY, include a line containing: UNSUB ORACLE-L
>(or the name of mailing list you want to be removed from).  You may
>also send the HELP command for other information (like subscribing).
>--
>Please see the official ORACLE-L FAQ: http://www.orafaq.com
>--
>Author:
>   INET: [EMAIL PROTECTED]
>
>Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
>San Diego, California        -- Public Internet access / Mailing Lists
>--------------------------------------------------------------------
>To REMOVE yourself from this mailing list, send an E-Mail message
>to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
>the message BODY, include a line containing: UNSUB ORACLE-L
>(or the name of mailing list you want to be removed from).  You may
>also send the HELP command for other information (like subscribing).

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Sunny Verghese
  INET: [EMAIL PROTECTED]
Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).






-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: 
  INET: [EMAIL PROTECTED]

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).























					Reply via email to