
Re: oracle non-free



Eugen Paiuc:
> 
> I'm using debian from last 5 years, and I like to know if installing
> new non-free oracle.deb is a security risk for my systems.

As far as I can tell (only from following the usual IT news sites),
Oracle doesn't exactly belong to the overly security conscious
corporations. They seem to have a lot of vulnerabilities and are slow to
respond. For example, take a look at this list of severe, already
*published and fixed* issues with Oracle Database:
http://www.red-database-security.com/advisory/published_alerts.html

I cannot tell how many of them also apply to Oracle Express, but you get
the picture. Additionally, there are probably more unfixed issues that
only Oracle and the guy who found it know about. I think Oracle is far,
far away from a "full disclosure" policy, so you never know exactly how
vulnerable you are.

Apart from that, I would never ever expose a database with confidential
or important data directly to the internet or some other potentially
hostile network.

J.
-- 
Tony Blair is a hypnotised self-seeking scarecrow just like all the
rest.
[Agree]   [Disagree]
                 <http://www.slowlydownward.com/NODATA/data_enter2.html>
