Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Securing DB Listener: EXTPROC

Securing DB Listener: EXTPROC

From: <emmetriley_at_gmail.com>
Date: Wed, 11 Jul 2007 01:49:52 -0700
Message-ID: <1184143792.772998.213490@d55g2000hsg.googlegroups.com> 





Hi All,



I am trying to understand the proceedure that should be followed to
secure the EXTPROC listener on Oracle 10b DB.



Many documents suggest that if you must use external calls in your
database you should secure the EXTROC listener... they say things like



"If you need to support external procedures, it's best to configure

the extproc listener to run as an unprivileged user; for example, the


"nobody" user on UNIX. By default, the process runs with the

privileges of the database listener. By following this configuration
suggestion, the risks associated with a compromised external procedure
are significantly diminished."



Many web pages quote this type of advice but dont say what you do to
achieve this.



So my question is what do you actually do to make the extproc listener
to run as an unprivileged user??  files to be edited, commands etc??



i have the job of testing that design have implemented this feature
they are suggesting without them actually understanding how to do it
themselves!



Any help appreciated.




/E
Received on Wed Jul 11 2007 - 03:49:52 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US