Oracle EM Console security

It’s probably not a wise idea to allow SYSDBAs to connect to Oracle’s Enterprise Manager Console (actually it’s a Web application) over HTTP. Someone could sniff the password and have access to the database.

Create a secure SSH tunnel:

ssh -L 5501:localhost:5501

So I run the above line from my workstation and then connect to localhost:5501/em

Gotcha: Make sure the local and remote port are the same! EM doesn’t work otherwise.

P.S. I’m available for Oracle security auditing for just 100UKP an hour.


If you like this, you might like the opensource software Web kiosk software I develop. It's very useful in public and business environments for ease of deployment and privacy.