Re: How to get an unix programmer started on web programming?



Jerry Stuckle wrote:

> Volker,
>
> Don't allow access to your Oracle server through the web, especially if you have confidential data on it that's not needed by the web. If someone successfully hacks your system, they not only could have full access to the data in your Oracle databases, but they could damage them as well.
>
> Rather, replicate only the data necessary to run your website to another database accessible by the web server (if you're happy with Oracle, that's fine). Then access that subset from the server.
>
> And if your users update this data from the website (i.e. order entry has to decrement inventory count), don't just automatically replicate the changes back to your main database. Rather, have the web site code call a program running on the Oracle server (or another server behind your firewall). This program should (again) validate the information and then make the database changes.

IMHO this is unnecessary paranoia. A well-written system will not allow a user to hack your system and access arbitrary bits of data in a database nor destroy a database. In any event, limiting such data to a subset and then engineering what needs to be done to keep things in sync is overkill. If the hacker hacks, he'll hack your subset database, and such a hack will probably be as painful.


--
640K ought to be enough RAM for anybody. - Bill Gates, 1981
Andrew DeFaria
http://defaria.com
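The pattern described in the quoted text (the web tier hands an order to a program behind the firewall, which validates it again before touching the main database), as an added example that is not part of either poster's message. It assumes SQLite as a stand-in for the Oracle database; the table, the `apply_order` function, the SKU format and the quantity limit are all hypothetical.

```python
import re
import sqlite3

MAX_QTY = 100  # assumed business limit per order line
SKU_RE = re.compile(r"[A-Z0-9-]{1,32}")  # assumed SKU format

def make_db():
    """Constructed sample inventory; stands in for the main database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE inventory ("
               "sku TEXT PRIMARY KEY, "
               "on_hand INTEGER NOT NULL CHECK (on_hand >= 0))")
    db.executemany("INSERT INTO inventory VALUES (?, ?)",
                   [("WIDGET-1", 5), ("GADGET-2", 0)])
    db.commit()
    return db

def stock(db, sku):
    row = db.execute("SELECT on_hand FROM inventory WHERE sku = ?",
                     (sku,)).fetchone()
    return None if row is None else row[0]

def apply_order(db, request):
    """Runs behind the firewall and treats the web tier's request as
    untrusted, even though the web site already validated it once."""
    if not isinstance(request, dict):
        return "rejected: malformed request"
    sku, qty = request.get("sku"), request.get("qty")
    if not isinstance(sku, str) or not SKU_RE.fullmatch(sku):
        return "rejected: bad sku"
    # bool is a subclass of int in Python, so exclude it explicitly
    if isinstance(qty, bool) or not isinstance(qty, int) \
            or not 1 <= qty <= MAX_QTY:
        return "rejected: bad quantity"
    # Bound parameters plus a conditional UPDATE: the decrement only
    # happens if enough stock exists, in a single atomic statement.
    with db:
        cur = db.execute(
            "UPDATE inventory SET on_hand = on_hand - ? "
            "WHERE sku = ? AND on_hand >= ?", (qty, sku, qty))
    if cur.rowcount != 1:
        return "rejected: unknown sku or insufficient stock"
    return "applied"

if __name__ == "__main__":
    db = make_db()
    print(apply_order(db, {"sku": "WIDGET-1", "qty": 2}), stock(db, "WIDGET-1"))
    print(apply_order(db, {"sku": "WIDGET-1", "qty": -5}))
```
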


