Chapter 16. Using the Internet and the Web
Many years ago, in a system administration class one of us attended, the instructor spent an entire afternoon teaching us the step-by-step procedures for breaking into several different models of Digital Equipment Corporation VAX computers. We learned how to "hack" into a computer from an operator's console and how to gain privileged access from a remote terminal. Of course, some ways to break into the computers were easier than others, but all of the models that were current at that time could be compromised. The people in the class were amazed that an instructor would so thoroughly teach the art of the break-in. One student expressed this amazement to the teacher. The teacher's reply, which seemed so obvious afterwards, was, "If you don't know all of the ways which someone can use to compromise your system, you won't be able to completely defend that system."
With the explosive way in which the world has embraced the use of the Internet, intranets, and the World Wide Web, we now have more ways in which our systems can be compromised, and there is much more to be learned about defending those systems.
Who's using the Internet today? The large volume of Internet users now includes such diverse populations as private citizens, commercial businesses, universities, hospitals, public institutions, national, state, and local government bodies, and non-profit organizations.
The wealth and volume of information available on the Internet is almost incomprehensible. Information is available on media ranging from newsgroups and electronic mailing lists to product and company information. The United States Government has web sites to supply information about its various organizations and activities. You can "surf" over to the White House home page (http://www.whitehouse.gov/) and gather information from "The Virtual Library" to an "Interactive Citizens' Handbook" to "What's Happening at the White House." Never before in the history of the world have you been able to tap into so much information so easily from the comfort of your own home.
There is an enormous amount to learn about the web, and thousands of books have been written about web use, web page design, and web security. (See Appendix A for a few such books we've found helpful.) This book's focus is on Oracle security, so we won't try to teach you about overall web issues. Our goals with this chapter are much more limited:
Summarize briefly the terminology involved with web technology
Evaluate your current options for securing your web site
Examine some steps you can take to help protect your Oracle database while making it available from a web site
We emphasize the approaches you can use to help secure your database, from the Internet or an intranet, without the purchase of additional Oracle-supplied tools. However, you may want to look at the next chapter to see what Oracle products are available, at an additional cost, to help protect your database while still making it available through your web site.
The only real product Oracle supplies with the base RDBMS purchase that might provide some web site security is the Oracle Security Server discussed in Chapter 15.