Re: mitigation of oracle/aurora/util/Wrapper and dbms_jvm_exp_perms security issues

From: Martin Bach <development_at_the-playground.de>
Date: Thu, 25 Feb 2010 21:12:34 +0000
Message-ID: <4B86E7C2.1040507_at_the-playground.de>



Hi there!

On 24/02/10 17:36, Allen, Brandon wrote:
> Yes, agreed, but I’d guess that’s a very small minority of all Oracle
> databases, although I have nothing to base that on other than my
> personal experience (I’ve never used XDB). Certainly those who /need/
> Java should have it installed, but I just think it shouldn’t be included
> by default.
>

From my personal experience I can tell you that there are a lot of databases out there that were installed with _all_ possible options installed, regardless of license status. It's just so easy to fire up dbca and click next-next-next and end up having 18 or so lines in dba_server_registry. It's not only a licensing problem but can also cause severe upgrade headaches with entire component groups invalid.

Quite often such databases don't have their dictionaries patched either... I have to admit though that such environments generally suffered from a lack of attention or even complete absence of the caring hands of a DBA. Packaged applications using Oracle as a backend come to mind... I predict it won't be long until universities struggle with hacked systems...

Cheers,

Martin

-- 
Martin Bach
OCM 10g
http://martincarstenbach.wordpress.com
http://www.linkedin.com/in/martincarstenbach
--
http://www.freelists.org/webpage/oracle-l
Received on Thu Feb 25 2010 - 15:12:34 CST
