0

We have a web application (a COTS product) and we need to query the application DB periodically using an external scheduler for alert purposes. DB is Oracle, se we decided to schedule a job on the application's server using sqlplus. Our security team complained the this is considered a bad practice since sqlplus is intended to be a client application.

I personally can't see it as a bad practice. Could someboby point me towards some use case that can result in security issues? Thanks.

loscuropresagio
  • 101
  • 1
  • I've never heard of this being called a bad practice. Are there *better* practices you could use? Sure - but that fact doesn't make this a *bad* practice IMHO. I've seen it used before at multiple previous jobs... – John Jun 26 '15 at 13:19
  • sqlplus is NOT considered a client application. It is the ONE tool to operate the database on the server. This all boils down to how your data is secured regardless of which tool you use. – Bjarte Brandt Jun 30 '15 at 21:04

0 Answers0