It also Says "Can't Break it, Can't break IN." That means that it's resistant to attempts to break in. That is the issue at hand. I think it's great that oracle is taking a security initiative, but they shouldn't make false statements.

If you make any kind of interface with a database, (which is 100% neccessary since not all of our data entry folks are oracle experts), you will need to secure the application which has access to read and write to your DB. This proves that Oracle doesn't even understand it's own business model. That statement is too blanket and vague to cover all the coldfusion application developers that use oracle.

My Point: Security will never get to 100%, but you can get darn close if you keep on it. It's all about process.

Good luck

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/309/9975#9975