I agree with the post from Bill, the only other thing that your security guys might ask you is to limit what ports Oracle will communicate on. Check Metalink for Notes on how to limit what port Oracle database and the listener use to receive and respond to user requests. Good luck, Ed. --- Ethan Post <post.ethan@xxxxxxxxx> wrote: > I know there has been some discussion here in the > past regarding what you > need to do to your firewall to allow connections > from the web server to an > Oracle database. I have a situation where someone is > requesting this. I have > advised that this is likely not a good idea since I > *think* you have to > pretty much open up the firewall for all traffic to > achieve this. However, I > have not stayed up on this and have never been very > good at it, so can > anyone point me to some security papers etc...that > would talk about the whys > and why nots of allowing direct public web access to > the DB. Perhaps > something that explains the *mechanics* that make > going through a midtier > safer? > > - Ethan > -- //www.freelists.org/webpage/oracle-l