Eugen Paiuc: > > I'm useing debian from last 5 years , and I like to know if installing > new non-free oracle.deb is a security risk for my systems.
As fas as I can tell (only from following the usual IT news sites), Oracle doesn't exactly belong to the overly security conscious corporations. They seem to have a lot of vulnerabilities and are slow to respond. For example, take a look at this list of severe, already *published and fixed* issues with Oracle Database: http://www.red-database-security.com/advisory/published_alerts.html I cannot tell how many of them also apply to Oracle Express, but you get the picture. Additionally, there are probably more unfixed issues that only Oracle and the guy who found it know about. I think Oracle is far, far away from a "full disclosure" policy, so you never know exactly how vulnerable you are. Apart from that, I would never ever expose a database with confidental or important data directly to the internet or some other potentially hostile network. J. -- Tony Blair is a hypnotised self-seeking scarecrow just like all the rest. [Agree] [Disagree] <http://www.slowlydownward.com/NODATA/data_enter2.html>
signature.asc
Description: Digital signature
