Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "massive data theft from a database in California"] [Next entry: " white papers section updated for Roby Sherman papers"]

Brian Duff talks about connecting to Oracle servers with ssh

Yesterday Brian Duff of Orablogs fame wrote a short entry in his personal blog Oracle Through a Firewall which describes how you can use ssh to connect or rather tunnel through a firewall to an Oracle server outside of his firewall.

This is an excellent technique to protect access to Oracle servers to ensure that the traffic is not sniffed. There are also links to two papers on my white papers section that also describe how to use ssh to tunnel through a firewall or to encrypt network traffic between an application or application server and the database. This is a good technique to prevent sniffing of password protected role setting or even password changes in the database never mind the protection of th whole connection itself. A good technique to use with a dedicated connection protected with ssh is to use the valid node checking parameters that can be used with the listener (set up in sqlnet.ora) to ensure that the database connections are restricted to the source protected by ssh tunnelling.