
Re: Manually starting services in Windows XP

From: <bdbafh_at_gmail.com>
Date: 25 Jan 2005 21:22:26 -0800
Message-ID: <1106716946.896156.22120@c13g2000cwb.googlegroups.com>


Rauf,

this is not intended at you specifically, but can we please (in general) just disable the external procedure listener if it's not being used?

this practice only continues to propagate bad examples of insecure installations/configurations.

why doesn't Oracle set functionality like this off by default?
(10g R2 request, perhaps?)

It was a HUGE improvement when they started locking out accounts in 9i
(did not in 8i) in databases created by dbca.

IIRC, external procedure listeners had large vulnerabilities back in Security Alert #29, 57.

we can't just make the same mistakes, or leave the same holes open, over and over again.

there are numerous papers out on the net and in metalink describing methods to leverage this functionality in a less insecure configuration.

at least run the extproc as a stand-alone listener with reduced privileges, not on the same listener as your database instances.

-bdbafh

Received on Tue Jan 25 2005 - 23:22:26 CST
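An added example, not part of the original post or any Oracle tooling: a small audit of the static `SID_LIST_<listener>` entries in a `listener.ora`, reporting which listeners register extproc and whether they share that listener with a database SID. The listener names, host, SID names and paths in the sample are constructed for illustration.

```python
import re

# Constructed listener.ora: names, host and paths are made up for illustration.
SAMPLE = """
# default-style listener: extproc and a database SID registered together
LISTENER =
  (DESCRIPTION_LIST = (DESCRIPTION =
    (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
    (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost)(PORT = 1521))))
SID_LIST_LISTENER =
  (SID_LIST =
    (SID_DESC = (SID_NAME = PLSExtProc)(ORACLE_HOME = /u01/oracle)(PROGRAM = extproc))
    (SID_DESC = (SID_NAME = ORCL)(ORACLE_HOME = /u01/oracle)))
# separate listener that serves only extproc
SID_LIST_LISTENER_EXTPROC =
  (SID_LIST =
    (SID_DESC = (SID_NAME = PLSExtProc)(ORACLE_HOME = /u01/oracle)(PROGRAM = extproc)))
"""

def balanced(text, start):
    """Return the parenthesised group that opens at text[start]."""
    depth = 0
    for i in range(start, len(text)):
        depth += {"(": 1, ")": -1}.get(text[i], 0)
        if depth == 0:
            return text[start:i + 1]
    raise ValueError("unbalanced parentheses in listener.ora")

def sid_descs(text):
    """Yield (listener_name, [SID_DESC groups]) for each SID_LIST_<name> entry."""
    for m in re.finditer(r"^\s*SID_LIST_(\w+)\s*=\s*\(", text, re.M | re.I):
        body = balanced(text, m.end() - 1)
        descs = [balanced(body, d.start())
                 for d in re.finditer(r"\(\s*SID_DESC\s*=", body, re.I)]
        yield m.group(1).upper(), descs

def audit(text):
    """Map each listener that registers extproc to 'shared' or 'standalone'."""
    text = re.sub(r"(?m)^\s*#.*$", "", text)  # drop comment lines
    findings = {}
    for name, descs in sid_descs(text):
        ext = [d for d in descs if re.search(r"PROGRAM\s*=\s*[^)]*extproc", d, re.I)]
        if ext:  # listeners without extproc are not reported
            findings[name] = "shared" if len(ext) < len(descs) else "standalone"
    return findings

if __name__ == "__main__":
    for listener, state in audit(SAMPLE).items():
        print(f"{listener}: extproc registered ({state})")
```

A `shared` result is the configuration the post argues against; the check covers static registration only and says nothing about the privileges the listener process runs with.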
