Results 1 to 2 of 2
I am an Oracle DBA. I have had an argument with our Linux system admin. I want him to turn on Xserver on Linux server so that I can use ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 06-14-2011 #1
- Join Date
- Mar 2005
Is Xserver bring security problem to Linux server
I am an Oracle DBA. I have had an argument with our Linux system admin. I want him to turn on Xserver on Linux server so that I can use Xwindowns to display Oracle DBCA on my desktop to create a new oracle database. However, he told me that turning Xserver on will cause security vulnerability to the Linux server. I don't understand how could this happen? Xserver is a component of Linux system. if it could cause these problem, why does Linux integrate this program into its system. I don't think this is correct description. Can you, experts or guru, put your comments here to let me learn from you? Thanks.
- 06-16-2011 #2
- Join Date
- Apr 2010
The thing is that installing the X window system means installing a hell of a lot of extra code. All that extra code means a lot of extra possible vulnerabilities. The connection between your desktop and the server also needs to be secured (read: encrypted), otherwise anybody on your network can see whatever you're doing on the server and could even take over your session without you knowing it. Anything running in X is also a lot harder to secure and isloate from the rest of the system. This means your desktop needs to be absolutely secure. Should a hacker take control of your desktop, it would become relatively easy for him to compromise the server, unless the server is properly hardened with SELinux etc. - requiring a lot of extra time of the server administrator.
I'm not gonna go into any more technicalities here, but it is considered a bad practice to install X on a server when it can deliver its services without X.
I don't know anything about databases, but I'm inclined to agree with your sysadmin. If there is a way for you to do what you want to do without requiring the X window system to be running on the server, you should do that.
Would it be possible to securely mount a network drive to your desktop and use the DBCA client on your desktop to create and manage databases on the server's disk?