I am evaluation the pros and cons of having different oracle schemas vs. seperated oracle servers. Having a dedicated server for each application is really expensive and I only want to consider this, if the security benefits are worth it.
One of the main sticking points is the topic of SQL injection. In case application A has an SQL injection which compromises all the date in schema A in the oracle database. Would it be possible for an attacker to access the data in schema B (in the same oracle database) as well?
I am leaning towards the opinion that seperation via schemas is enough except for the most critical of data stores. Is this best practice and what are the main factors to consider?
Aucun commentaire:
Enregistrer un commentaire