Monday, 17 December 2007

Oracle Data Security Tips

If you're building a client-server application, you can use these tips:

  1. Build a three tier application, so the client is not connect to the database directly.
  2. Allow only 1 IP Address (as application server) connect to the oracle database (you can use blocking IP tips).
  3. Never use Oracle user ID (specially DBA user) as your Application user ID, instead create a user table with user and encrypted password in it.
  4. Give your Oracle Listener a password, so when someone unauthorized send a stop message to the listener it didn't work out.