dbeavon
Guest
>> doesn't this port fiddling approach still leave open the possibility of shared memory connections?

Yes, there is no change in the existing shared-memory connections. That's why it is "security" with quotes around it.

Historically we were *only* using shared-memory connections from the CHUI processes on our HP-UX servers. Security concerns didn't exist back in those days. But when we started firing up the *remote* servers for ABL, then all of a sudden we started thinking about "security". This is especially because of the fact that developers can connect their PDSOE (development license) to a remote, production-licensed database. That allows us to compile and run code that updates any production data we want, any time we want. It circumvents not only "security", but also a ton of software controls that we tried to set in place. At least with the shared-memory connections we could NOT compile and update data in production (*) since the only license available to us on that HP-UX server was a "production" license.

Anyway, to make a long story short, the remote servers were more of a "security" concern than the existing shared-memory connections. This is probably just because they were new to us, and because developers could do scary things to a production database from our personal workstations. So we started using IP filtering and disallowing all remote connections to the port unless they were white-listed by the OE DBA.