Hi,

Suppose that you have Oracle 8.i and WebDB on a NT machine in your intranet. On this machine, the Listener is running as well. Let the URL for the database be : [url]http://mymachine.mydomain/mydb/[/url]
A connection to the db from a client in the intranet is now no problem with any internet browser. But how to enable a connection via the internet from a remote client? One way is to change some settings in the company's webserver and to enable a mapping: if a remote client enters the URL [url]http://www.mydomain/mydb/[/url] in his browser, the webservers routes it to [url]http://mymachine.mydomain/mydb/[/url] The company's webservers "communicates" now with the Listener, which "communicates" with the db via the PL/SQL gateway.

Now, the question is: "How insecure is this scenario?" I think that....

1.) the database connection is just passwd protected - so this is not sufficiently secure, of course. At least a SSL connection should be realized.
2.) somebody could try to assault the company's intranet via mymachine. Suppose that he knows a valid login/passwd to the database. But could he do anything else? I don't think so, because the Listener just communicates with mydb via the PL/SQL gateway...

So in my opinion, the worst case would be that a hacker gets access to the database, but not to any machine in the intranet.
What do think? - Thanks!

Dan1