Re: Metalink Fiasco
Date: Thu, 12 Nov 2009 14:33:16 +0100
Message-ID: <9b46ac490911120533xcb2b19dn6542f70e7ab5c0dd_at_mail.gmail.com>
for my testing with OCM and SR creation my assumptions are safe enough for me.
http://download.oracle.com/docs/html/E12881_01/security.htm#sthref3 mentions that data to be uploaded into ccr can be viewed in the ./ccr/state directory. I can see a couple of files in there (although no xml files as the doc on 10.3.1 states) but no information I don't want them or any man-in-the-middle to know.
so, if I cannot find any data in the ORACLE_HOME/ccr directory that has mac or ip address info or whatever else is sensitive then I HAVE TO assume that oracle will not upload it. Oracle CM is using a secure http connection to the the oracle so it would be hard to sniff and interpret that traffic.
If you are not comfortable with "connected" mode then don't use it. simple
as that. I am still trying to find out if ocm can help us in quicker problem
submitting and resolving through SR's created using system configurations
uploaded into oracle's ccr.
Though at the moment it seems a bad moment in time for using MOS.
below the
10.3.2.0.0 New Features
Configuring the OCM Collector thru the Oracle Support Hub
The OCM Collector collects configuration information on the Oracle products that it discovers and transmits that information over a secure http connection
to Oracle. The collectors must either have a direct Internet connection path or one through a proxy server. The Oracle Support Hub provides a channel where
by OCM Collectors can route all information through an Oracle Support Hub deployed
within a corporate intranet that in turn has a connection to the Internet. Configuration of a 10.3.2 OCM collector allows the user the ability to configure the connection thru the Oracle Support Hub if a direct connection to
Oralce is not possible.
The Oracle Support Hub is distributed as part of the OCM Companion Distribution.
Documentation on the Oracle Support Hub can be found at http://www.oracle.com/technology/documentation/ocm.html and on the My Oracle Support portal.
Configuring the OCM Collector to mask database usernames
The OCM Collector collects the schema usernames for databases instrumented for configuration collections. The collection of this information is masked when the property 'ccr.metric.oracle_database.db_users.username' is
assigned the value 'mask' in the
$ORACLE_HOME/ccr/config/collector.properties file.
The default is to not mask data.
2009/11/12 Nuno Souto <dbvision_at_iinet.net.au>
> Andre van Winssen wrote,on my timestamp of 12/11/2009 11:13 PM:
>
>
> I was not talking about 10.2.0.5 here. I have a 11.2 RDBMS installation,
>> with no separate grid control agent installation on the clusternodes.
>>
>
>
> Don't know. Im afraid until I receive 11r2 for AIX with grid, I can't
> comment on that release.
>
>
>
> All I have in $ORACLE_HOME/ccr/config is a ccr.properties file which only
>> has lines that are commented out. And there's nothing like a mac or ip
>> address in the files in $ORACLE_HOME/ccr/state.
>>
>
>
> Is there anything in the doco?
>
>
>
> so it's pretty safe to assume that no mac or ip address is sent to oracle
>> ccs.
>>
>
>
> You can make that assumption. I don't.
> The point I made is that until I see a *complete* list of everything that
> may or may not be sent, default or not, OCM doesn't touch any of my systems.
> Assumptions don't come into this, only facts.
>
>
>
> --
> Cheers
> Nuno Souto
> in wet Sydney, Australia
> dbvision_at_iinet.net.au
> --
> http://www.freelists.org/webpage/oracle-l
>
>
>
-- http://www.freelists.org/webpage/oracle-lReceived on Thu Nov 12 2009 - 07:33:16 CST