APPS Blogs

UTL_FILE_DIR Security Weakness: Why and How To Use Oracle Directories

UTL_FILE_DIR is the database initialization parameter the Oracle Database uses to determine what operating system directories and files PL/SQL packages, functions, and procedures may read from or write to when using the standard UTL_FILE database package.  The directories specified in the UTL_FILE_DIR parameter may be accessed by any database user, which can be a security issue.  In Oracle 9iR2, Oracle released new functionality called “Directories” that provides a more secure and robust capability to access operating system directories and files.  The advantages of using Directories over UTL_FILE_DIR are –

  • Read and/or Write access to a Directory can be granted to individual database accounts or roles
  • A Directory can be added without having to bounce the database
  • Directory name is used in the UTL_FILE.FOPEN statement rather than the directory path, which allows changes to the directory path without modification to the PL/SQL source code

Securing UTL_FILE

The UTL_FILE database package is used to read from and write to operating system directories and files.  By default, PUBLIC is granted execute permission on UTL_FILE. Therefore, any database account may read from and write to files in the directories specified in the UTL_FILE_DIR database initialization parameter.

Oracle usually assumes that PUBLIC has execute permission on UTL_FILE; therefore, many Oracle product installations do not specifically grant execute permission on UTL_FILE to Oracle installed database accounts.  Consequently, revoking execute permission on UTL_FILE from PUBLIC will result in errors in a number of standard Oracle database utilities and the Oracle E-Business Suite.  Also, some Oracle products and third party products will grant execute on UTL_FILE to PUBLIC during the installation of the product.

We do not recommend revoking execute permission on UTL_FILE from PUBLIC in database instances running the Oracle E-Business Suite and other complex applications (e.g., SAP, PeopleSoft, Oracle Clinical, etc.) due to the possibility of encountering errors in the application and third party products.  Only revoke execute permission from PUBLIC in database instances where the application, third party products, and all database management tools can be thoroughly tested.  All Oracle delivered products must be tested since Oracle often assumes UTL_FILE is granted to PUBLIC and does not provide the necessary grants when any products are installed – this includes products like Enterprise Manager Grid Control and Apex.

Security considerations with UTL_FILE can be mitigated by removing all directories from UTL_FILE_DIR and using the Directory functionality instead.

Oracle E-Business Suite and UTL_FILE_DIR

The combination of UTL_FILE being granted to PUBLIC and UTL_FILE_DIR being publicly accessible creates a significant security issue for the Oracle E-Business Suite.  The Oracle E-Business Suite uses UTL_FILE_DIR to read and write concurrent manager request temporary files.  Also, UTL_FILE_DIR is extensively used by most organizations to access interface and conversion data files from PL/SQL interface programs.

In the Oracle E-Business Suite, UTL_FILE_DIR is usually set to include at least the directories specified in $APPLPTMP and $APPLTMP – in the default installation this will include at least “/usr/tmp”.  Frequently, additional custom directories will be included for custom interfaces and other custom programs.

By accessing the APPLSYSPUB database account, an attacker can easily read and write interface data files.  Depending on the exact configuration, implemented modules, and custom interfaces, this could allow access to sensitive information including social security numbers and credit card numbers.

Migrating From UTL_FILE_DIR

For Oracle E-Business Suite customers, migrating from UTL_FILE_DIR to Directories requires only minimal changes and may require no source code changes depending on the design of the interfaces and other custom programs. The steps are as follows -

  1. Identify where UTL_FILE is used
  2. Create Directories
  3. Change FOPEN calls to use Directories
  4. Edit UTL_FILE_DIR to remove physical Directories

Step One – Identify Where UTL_FILE Is Used

The most difficult issue is identifying the packages, functions, and procedures using the physical directories in UTL_FILE_DIR.  The UTL_FILE_DIR physical directories are only directly referenced by the UTL_FILE.FOPEN function.  The FOPEN specifies the operating system directory and file name to open.  All subsequent read, write, and close function calls use the file handle returned by FOPEN.

The following SQL may assist in identifying uses of UTL_FILE_DIR in FOPEN statements –

SELECT * FROM dba_source
WHERE upper(text) like '%FOPEN%'
AND name like '%<custom prefix>%'
AND owner = 'APPS';

 If the calls to FOPEN are not in a common function and are not accessed through some other indirection, it should be fairly straightforward to find and change the necessary FOPEN references in any custom PL/SQL packages, functions, and procedures.  If the physical directory paths are stored in a table or in a concurrent program definition, then no changes to the source code are required.

At this time, converting the standard Oracle E-Business Suite directories ($APPLPTMP and $APPLTMP) is not recommended as this is not supported by Oracle.  Theoretically it should work without any issues; however, the Oracle E-Business Suite references the directories in multiple places including the $APPLPTMP and $APPLTMP environment variables, system profile options (e.g., “ECX: XSLT File Path”), and potentially in some configuration files.

Step Two – Create Directories

The following general steps are required to change the references from UTL_FILE_DIR to Directories. Please note that the directory name MUST always be in uppercase in all UTL_FILE.FOPEN statements, otherwise errors may be encountered.

For each custom directory in UTL_FILE_DIR, execute the following SQL statements in each development, test, and production database instance –

 
CREATE OR REPLACE DIRECTORY <name> AS '<physical directory path>'; 
GRANT READ, WRITE ON DIRECTORY <name> TO APPS;            

As an example –

CREATE OR REPLACE DIRECTORY TMP_DIR AS '/usr/tmp'; 
GRANT READ, WRITE ON DIRECTORY TMP_DIR TO APPS; 

 

The directories “/usr/tmp” and “../comn/temp” and any other directories specified in $APPLPTMP and $APPLTMP should remain in UTL_FILE_DIR, since these directories are required by Oracle.

Step Three – Change FOPEN Calls to Use Directories

Once directories have been created the next step is to edit your code to use them. The process is straightforward. If a physical directory is specified in the UTL_FILE.FOPEN statement, change the hard-coded path to the Directory name. 

As an example –

FILE_ID := UTL_FILE.FOPEN('/usr/tmp', 'dummy.txt', 'W'); 

 change to –

FILE_ID := UTL_FILE.FOPEN('TMP_DIR', 'dummy.txt', 'W'); 

 Two pointers to keep in mind:

  1. Always use the directory name in uppercase, and enclose it in single quotes
  2. If the physical directory is specified in a table or as a parameter in a Concurrent Program definition, then just specify the Directory name rather than a physical path – /usr/tmp becomes TMP_DIR

Step Four – Edit UTL_FILE_DIR to Remove Physical Directories

Remove all the custom physical directories from UTL_FILE_DIR.  The standard Oracle directories of ‘/usr/tmp’, ‘../comn/temp’, etc. should not be removed.  The database must be bounced for the change to take effect.
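The check behind Steps One and Three can be scripted. The following is an added example, not code from the original post: it scans PL/SQL source text (for instance, text exported from dba_source) for FOPEN calls and classifies the first argument, so that any physical path still in use is known before its directory is removed from UTL_FILE_DIR. The function names, the sample procedure, the path '/u01/xx/inbound' and the mapping are constructed for illustration.

```python
import re
from typing import NamedTuple

# First argument of UTL_FILE.FOPEN / FOPEN_NCHAR: a quoted literal ("lit") or
# any other expression ("expr": variable, concatenation, function call).
# Commented-out calls are reported too, which errs on the side of review.
FOPEN_RE = re.compile(
    r"UTL_FILE\s*\.\s*FOPEN(?:_NCHAR)?\s*\(\s*"
    r"(?:'(?P<lit>[^']*)'|(?P<expr>[^,]+?))\s*,",
    re.IGNORECASE,
)


class Finding(NamedTuple):
    line: int       # 1-based line of the FOPEN call in the scanned source
    location: str   # first FOPEN argument as written
    kind: str       # physical_path | lowercase_directory | directory_object | indirect


def classify(literal):
    """Classify a quoted FOPEN location argument."""
    if "/" in literal or "\\" in literal:
        return "physical_path"          # still depends on UTL_FILE_DIR
    if literal != literal.upper():
        return "lowercase_directory"    # Directory names must be uppercase
    return "directory_object"


def scan(source):
    """Return one Finding per FOPEN call found in the source text."""
    findings = []
    for m in FOPEN_RE.finditer(source):
        line = source.count("\n", 0, m.start()) + 1
        if m.group("lit") is not None:
            lit = m.group("lit")
            findings.append(Finding(line, lit, classify(lit)))
        else:
            # Location comes from a variable, table or program parameter:
            # the stored value must be changed, not the source code.
            findings.append(Finding(line, m.group("expr").strip(), "indirect"))
    return findings


def rewrite(source, directory_map):
    """Replace mapped physical paths with Directory names (Step Three)."""
    def repl(m):
        lit = m.group("lit")
        if lit is None:
            return m.group(0)
        if lit in directory_map:
            new = directory_map[lit].upper()
        elif classify(lit) == "lowercase_directory":
            new = lit.upper()
        else:
            return m.group(0)
        start, end = m.start("lit") - m.start(), m.end("lit") - m.start()
        return m.group(0)[:start] + new + m.group(0)[end:]
    return FOPEN_RE.sub(repl, source)


# Constructed sample source; only the '/usr/tmp' -> TMP_DIR pair is from the post.
SAMPLE = """\
PROCEDURE xx_load IS
  FILE_ID UTL_FILE.FILE_TYPE;
BEGIN
  FILE_ID := UTL_FILE.FOPEN('/usr/tmp', 'dummy.txt', 'W');
  FILE_ID := utl_file.fopen('tmp_dir', 'dummy.txt', 'R');
  FILE_ID := UTL_FILE.FOPEN('TMP_DIR', 'dummy.txt', 'W');
  FILE_ID := UTL_FILE.FOPEN('/u01/xx/inbound', 'in.dat', 'R');
  FILE_ID := UTL_FILE.FOPEN(l_dir,
                            l_file, 'R');
END;
"""
DIRECTORY_MAP = {"/usr/tmp": "TMP_DIR"}

if __name__ == "__main__":
    for f in scan(rewrite(SAMPLE, DIRECTORY_MAP)):
        if f.kind in ("physical_path", "indirect"):
            print(f"line {f.line}: {f.location!r} still needs review ({f.kind})")
```

A physical_path finding that remains after the rewrite means the directory has no Directory object mapped yet and cannot be dropped from UTL_FILE_DIR without breaking that call.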

 

If you have questions, please contact us at info@integrigy.com

Tags: Information Disclosure, Oracle Database, Oracle E-Business Suite
Categories: APPS Blogs, Security Blogs

SYNC 2014 !

Bas Klaassen - Thu, 2014-07-24 12:15
From Proact we are organizing the knowledge platform SYNC 2014 on 17 September at the Rotterdam Cruise Terminal. All current IT infrastructure developments in 1 day: • An interactive programme led by moderator Lars Sørensen, known from BNR among others • A keynote by Marco Gianotten of Giarte, the Dutch “Gartner” in the field of Outsourcing/Managed Services • Huisman Equipment on the
Categories: APPS Blogs

R12.2 :Modulus Check Validations for Bank Accounts

OracleApps Epicenter - Sat, 2014-07-12 08:45
The existing bank account number validations for domestic banks only check the length of the bank account number. These validations are performed during the entry and update of bank accounts. With R12.2 the account number validations for United Kingdom are enhanced to include a modulus check alongside the length checks. Modulus checking is the process of [...]
Categories: APPS Blogs

Oracle E-Business Suite Security - Signed JAR Files - What Should You Do – Part II

In our blog post on 16-May, we provided guidance on Java JAR signing for the E-Business Suite. We are continuing our research on E-Business Suite Java JAR signing and will be presenting it in a forthcoming educational webinar. Until then we would like to share a few items of importance based on recent client conversations -

  • Apply latest patches - The latest patches for Oracle E-Business Suite JAR signing are noted in 1591073.1. There are separate patches for 11i, 12.0.x, 12.1.x and 12.2.x. To fully take advantage of the security features provided by signing JAR files the latest patches need to be applied.
  • Do not use the default Keystore passwords - Before you sign your JAR files change the keystore passwords.  The initial instructions in 1591073.1 note that a possible first step before you start the JAR signing process is to change the keystore passwords. Integrigy recommends that changing the keystore passwords should be mandatory. The default Oracle passwords should not be used. Follow the instructions in Appendix A of 1591073.1 to change both keystore passwords. Each password must be at least six (6) characters in length. If you have already signed your JAR files, after changing the keystore passwords you must create a new keystore and redo all the steps in 1591073.1 to create a new signed certificate (it is much easier to change the keystore passwords BEFORE you sign your JAR files).
  • The keystore passwords are available to anyone with the APPS password - Using the code below anyone with the APPS password can extract the keystore passwords. Ensure that this fact is allowed for in your policies for segregation of duties, keystore management and certificate security.

SQL> set serveroutput on
declare 
spass varchar2(30); 
kpass varchar2(30); 
begin 
ad_jar.get_jripasswords(spass, kpass); 
dbms_output.put_line(spass); 
dbms_output.put_line(kpass); 
end; 
/

This will output the passwords in the following order:

store password (spass) 
key password (kpass)

If you have questions, please contact us at info@integrigy.com

Tags: Security Strategy and Standards, Oracle E-Business Suite
Categories: APPS Blogs, Security Blogs

Oracle E-Business Suite Security, Java 7 and Auto-Update

Maintaining a secure Oracle E-Business Suite implementation requires constant vigilance. For the desktop clients accessing Oracle E-Business Suite, Integrigy recommends running the latest version of Java 7 SE.  Java 7 is fully supported by Oracle with Public Updates through April 2015 and is patched with the latest security fixes. We anticipate that, most likely in late 2014, Oracle will have released and certified Java 8 with the Oracle E-Business Suite.

Most corporate environments utilize a standardized version of Java, tested and certified for corporate and mission critical applications. As such the Java auto-update functionality cannot be used to automatically upgrade Java on all desktops. These environments require new versions of Java to be periodically pushed to all desktops. For more information on how to push Java updates through software distribution see MOS Note 1439822.1. This note also describes how to download Java versions with the Java auto-update functionality disabled.

Keep in mind too that the version of Java used with the E-Business Suite should be obtained from My Oracle Support. Your Desktop support teams may or may not have Oracle support accounts.

Other points to keep in mind:

  • To support Java 7, the Oracle E-Business Suite application servers must be updated per the instructions in MOS Note 393931.1
  • “Non-Static Versioning” should be used with the E-Business Suite to allow for later versions of the JRE Plug-in to be installed on the desktop client. For example, with Non-Static versioning JRE 7 will be invoked instead of JRE 6 if both are installed on a Windows desktop. With Non-Static versioning, the web server’s version of Java is the minimum version that can be used on the desktop client.
  • You will need to implement the Enhanced JAR File signing for the later versions of Java 7 (refer to Integrigy blog posting for more information)
  • Remember to remove all versions of Java that are no longer needed – for example JInitiator

You may continue using Java 6.  As an Oracle E-Business Suite customer, you are entitled to Java 6 updates through Extended Support.  The latest Java 6 update (6u75) may be downloaded from My Oracle Support. This version (6u75) is equal to 7u55 for security fixes.

If you have questions, please contact us at info@integrigy.com

Tags: Security Strategy and Standards, Oracle E-Business Suite, IT Security
Categories: APPS Blogs, Security Blogs

Revert R12.1.3 Homepage Layout to Link Style as in R12.1.1 or 11i

OracleApps Epicenter - Wed, 2014-05-07 04:35
If you are using R12.1.2, user may report some difficulty with Homepage responsibility, therefore they prefer similar to 11i or R12.1. In release 12.1.2 the E-Business Suite homepage has been re-designed using the configurable pages infrastructure. This is new Enhancement which allows customers to work with a WYSIWYG model of configuration. This allows [...]
Categories: APPS Blogs

Quiet Release MySQL Plugin 12.1.0.1.2 — bug fixes

Alex Gorbachev - Tue, 2012-12-11 12:30
This is just a small bug fix release of the plugin. It was actually quietly released for a while now so if you have downloaded the plugin recently, you have the latest version. To be sure — check the version in the Console or you will see it in the file name. There are two [...]
Categories: APPS Blogs

IOUG Big Data SIG — Kick-off Meeting at OOW12

Alex Gorbachev - Thu, 2012-09-27 16:47
Announcing the IOUG Big Data Special Interest Group (SIG)! We have the SIG meeting at Oracle Open World — come join us with your morning coffee. Nothing better than starting your Big morning with Big Data talks! Yes — we actually managed to get the room at this busy time at OOW thanks to IOUG. [...]
Categories: APPS Blogs

IOUG Collaborate 2013 — Call for Speakers Informational Webinar

Alex Gorbachev - Tue, 2012-09-11 04:28
As I’ve become Director of Communities for IOUG recently, I’m intimately involved in many aspects of leading IOUG community. One of the areas the user group is pursuing all the time is finding the new speakers and that takes some part of convincing the community members to actually start presenting. There are many of you [...]
Categories: APPS Blogs

Oracle OpenWorld 2012 – Bloggers Meetup

Alex Gorbachev - Thu, 2012-09-06 13:40
Oracle OpenWorld 2012 is just over a month away and yes we are organizing the Annual Oracle Bloggers Meetup — one of your top favorite events of the OpenWorld. What: Oracle Bloggers Meetup 2012 When: Wed, 3-Oct-2012, 5:30pm Where: Main Dining Room, Jillian’s Billiards @ Metreon, 101 Fourth Street, San Francisco, CA 94103 (street view). [...]
Categories: APPS Blogs

Announcing MySQL Plugin 12.1.0.1.0 for Oracle Enterprise Manager 12c Cloud Control

Alex Gorbachev - Thu, 2012-08-30 12:00
MySQL management plugin for EM 12c has been long overdue. I’ve initially migrated the older plugin to EM 12c about 6 months ago and few dozen people received this as initial beta of the plugin. It worked OK but didn’t use any of the 12c new features and its home page was a bit of [...]
Categories: APPS Blogs

Advert: few Oracle Database Appliances at significant discount

Alex Gorbachev - Wed, 2012-08-29 16:19
This blog is a little bit self serving and I’d normally not post it but I think that it would be an awesome deal for those of you who are thinking of buying an Oracle Database Appliance now. We have several just two left brand new, unopened ODAs left in our inventory that we need [...]
Categories: APPS Blogs

How to Prevent Manual Entries to System Accounts

The Feature - Tue, 2012-08-07 23:21
There is a new feature in Oracle General Ledger R12 (12.1.3), which lets you define an additional qualifier called Third Party Control on your natural account values. You can set the Third Party Control qualifier for your accounts to be only used by Payables (Supplier) or Receivables (Customer), or prevent any manual entries (Restrict manual … Continue Reading
Categories: APPS Blogs

Two Newly Published White Papers for November 2011!

OracleContractors - Wed, 2011-11-16 03:45

Many thanks firstly to Ahmed Jassat, author of “Cloning from 20hrs to 20mins using Oracle Dataguard” & also to Alexander Reichman, author of “Interacting with BPEL/Workflow from Oracle Forms 11g”.

Ahmed is an Oracle Apps DBA based in South Africa & his White Paper focuses on a client site where he has worked & how implementing Oracle Dataguard has reduced the cloning time dramatically for them & the impact this has had on the business. A must-read for any DBA/Technical Managers, DBAs, Apps DBAs & disaster recovery teams.

Alexander is a certified Oracle DBA based in Canada & his White Paper focuses on integrating Oracle Forms 11g with Oracle BPEL/Workflow included in the Fusion Middleware 11g platform. A must-read for any Oracle Forms Developers, SOA Architects & Project Managers.

Many thanks for your contributions guys!

Categories: APPS Blogs

Is anyone actually using this database? - How to tell whether or not you can delete an old database

OracleContractors - Sat, 2011-08-27 04:07

When you log into a database server that has been running for several years, you will often find lots of files from databases that may not have been used for some time.

The people who created them probably left the company long ago and there is little documentation on the databases. Nobody is certain whether or not they are still being used, so they just sit around using up disk space.  If the databases are started up, then they’re also using memory, even though they may not be doing anything productive.

Rather than prolonging this situation, it’s a good idea to remove these databases - once you’ve confirmed that no-one uses them anymore.  Unfortunately, within a large business it may not be easy finding out who within the company is using which databases, if documentation has not been kept up to date.

As a starting point you can look in the following places:
(i) Database alert log
If the database is currently shut down, then what date was it shut down? If this was a long time ago (i.e. more than 1 year), then the chances are that the database is no longer used, or is so out of date with current business data that it would need to be refreshed/updated before it could be of any use.

Note: Just because things such as configuration changes (i.e. extending datafiles) are shown in the alert log, it doesn’t mean to say that it’s actually in use.  A DBA can carry out maintenance tasks on a database, whether or not there are any business users carrying out work.

Similarly, you may find that a backup tool such as RMAN regularly connects to the database.  This also doesn’t mean to say that the database is being used by the business - just that it’s being backed up.

(ii) Listener log
Search in the listener log for the last entries for that database. Even if the database is shutdown, this will let you know the last time that anyone was using it.  Be careful that you don’t think that someone is using the database just because there is an automated application process or reporting tool that connects to the database regularly.  If individual users are not connecting to the database, then it may not be in use anymore. 

Note: Double-check with any reports or application support teams as well, because the database may just be a repository, in which case individual user connections could be rare.

(iii) Datafile timestamps
If the database is shut down, what is the last modified date shown in the filesystem for the datafiles?  I’ve come across situations where you can’t find any entries for the SID in the listener log and the alert log for the database has been removed, so this is a good way to find out when the database was last open.

Note: This is assuming that someone hasn’t just copied the files from another location, without preserving the original file timestamps.

(iv) Run AWR/ASH or Statspack reports
These will let you know if anyone has been using the database within the last week or longer - depending on the retention period configured for the database.  (If performance snapshots are not configured, then you may also find useful information on long-running transactions in V$SESSION_LONGOPS).

Note: Just because a database hasn’t been used in the last week, doesn’t mean to say it’s not required anymore.  It could be used for monthly, weekly or annual reporting, so you may not see regular activity.

(v) Database Auditing
If database auditing has been enabled, it will give you an idea who has been accessing the database. (e.g. query views such as DBA_AUDIT_SESSION and DBA_AUDIT_TRAIL).

(vi) Standby databases
It’s worth running the query SELECT DATABASE_ROLE FROM V$DATABASE; If this returns “PHYSICAL STANDBY” or “LOGICAL STANDBY”, then it could mean that someone has deleted a primary database in the past, but neglected to remove the associated standby database. 
 

Before deleting any databases, it would be advisable to email anyone that may have an interest in the database and then ensure that a copy of the database files and configuration information is archived to tape or other storage for a pre-defined period of time.  Ensure that you have approval from all interested parties before carrying out any work like this, which could have an impact on the business.

Categories: APPS Blogs

Three New free of charge Oracle White Papers released for August!!!

OracleContractors - Mon, 2011-08-15 07:14

Hi all,

Many thanks to the following authors for their White Papers, your contributions are much appreciated & help to share Oracle knowledge on a global scale:

Martin Dvorak - “How to Plan & Deliver Oracle eBusiness Suite Training with UPK”

Claire Aukett - “Absence Management using R12 Oracle HCM & CRM”

Elwyn Lloyd Jones - “Upgrade Strategies for OWB Environments”

If you would like a copy of any of these papers, please register with the White Paper area of our website where you can gain access to our full White Paper library & if you are interested in becoming a White Paper author yourself, please contact me at: kirsten.campbell@oraclecontractors.com

New papers are also being released in September too so watch this space!

Categories: APPS Blogs

To OCP or not to OCP, that is the question

OracleContractors - Sat, 2011-08-13 03:09

Over the years, the topic of whether or not to take the Oracle Certified Professional (OCP) exams has been discussed many times. A large number of clients and agencies now regularly ask for candidates who are OCP qualified.

The main arguments against the exams seem to be along the following lines:

 

The exams only deal with theoretical situations. You can’t beat real-life experience. 
This is true, but the exams do demonstrate that you are able to understand technical issues.  In order to resolve problems, you need to know how the software works.  You also need real-life experience of using your theoretical knowledge in a practical manner, before you can become an effective DBA.

Outside of a test laboratory or classroom, you have real users, applications and software from multiple vendors. Once exposed to these environments you become a much better DBA.

 
The exam is just a memory test.
That’s true to some extent - but you have to understand the question and which of the possible answers is the correct one. You still have to understand what you’ve remembered.  Even though you may forget the exam topics over time, at least you have positive proof that at the time you took the exam, you knew that area of Oracle in detail.

 

I don’t need to take the exams to show that I keep up to date.
Whilst you can just read the documentation, at least the exams prove that you’ve made the effort to keep your skills current. Otherwise everyone else just has your word for it that you have.  

The other issue is that you can read the documentation but not understand it properly. Passing the exam is proof that you understood the concepts in sufficient depth to pass the exam.

Taking the exams also provides a more focused way of keeping up to date.

 

 
Why bother learning about lots of features that you’re never going to use?
There are lots of features that you may never use, but if a new problem arises - if you’ve kept up to date - then you’re aware of all the possible solutions.  You don’t always have several days or hours to go away and research all the available options. Even having a high-level overview of a solution can mean that you not only resolve issues more quickly, but that you’re more likely to come up with the most effective solution.  If you aren’t aware of other solutions then you never will use them. You’ll just end up doing things the same way that they’ve been done for years.

Another reason for learning about many features is that unless you can predict the future, how do you know what features you will never use? 

Knowledge of lots of functionality is useful when resolving issues because more options that were once separate from the main database installation are now integrated into it. Sometimes these options can cause errors even though your application isn’t actually using them.

The exams also demonstrate that you’re interested enough in the technology to want to keep up to date. Nobody forces you to take them.

Whether or not you decide to take the exams is a personal choice, but I would say that they can be useful as a starting point to differentiate between two DBAs who have a similar level of experience.  There is still no substitute for real-world experience and just because someone passes the exam doesn’t necessarily mean that they’ll be a better DBA.

(In case you’re wondering, I have taken the exams!)

Categories: APPS Blogs

Tracing ODBC Connections to an Oracle Database

OracleContractors - Thu, 2011-08-04 23:06

Various applications can be configured to connect to an Oracle database using an ODBC connection. When there are problems with the connection, it can sometimes be useful to enable ODBC tracing. 

This is a pretty straightforward task and can often highlight useful information to diagnose issues such as incorrect ODBC drivers or driver versions, or attempting to use incorrect database connection information. 

The Scenario
————-
To demonstrate ODBC tracing, we’ll first log into an Oracle 11.2.0.1.0 Enterprise edition database called “ORCL11” and create an account called “odbc1”:

create user odbc1 identified by odbc1;

(Note: You may want to make your password more secure than this! Remember also that 11g has case-sensitive passwords by default)

grant create session, create table to odbc1;
alter user odbc1 default tablespace users;
alter user odbc1 quota 10M on users;

Next we’ll connect as our new user and create a test table with a small amount of data.

connect  odbc1/odbc1

create table odbc_test_tab (col1 varchar2(40));
insert into odbc_test_tab values ('TEST');
insert into odbc_test_tab values ('TEST2');
commit;


Then we create an ODBC connection to our ORCL11 database.  Create the connection using a System DSN called “EXCEL_TEST11”. Use the Oracle ODBC Driver 11.2.00.01 and the odbc1 database account to connect.

The last step is to create a new Excel 2010 spreadsheet called “odbctesting.xlsx” 

Note: To keep this post brief, I haven’t included full details of the steps to create the ODBC connection, or of setting up the connection in Excel. If anyone wants detailed instructions on how to do this, please let me know.  For the Excel connection the main steps are to go to the Data tab - “From Other Sources” - “From Data Connection Wizard” - “ODBC DSN” - Next and then select the “EXCEL_TEST11” ODBC connection.  (Even though you’ll see a large listing of database objects, the ODBC1.ODBC_TEST_TAB is in the list - near the end. All the other objects are database views and tables to which PUBLIC - i.e. all users - have been granted access).   Don’t select the option to save the password to the file.
 

Turning on tracing
——————
Next we’ll turn on ODBC tracing, so that we can see what’s happening when the connection is being made. From a Windows XP client, all you need to do is:

Start - control panel - Administrative Tools - Data Sources (ODBC)   (or you can go  Start - run - odbcad32)

Then: Go to the “Tracing” tab - Click on the “Start Tracing Now” button

Once you’ve clicked on the “Start Tracing Now” button, you’ll notice it will change to be a “Stop Tracing Now” button - Apply - OK.   This closes the ODBC Data Source Administrator.
Notes:
(i) To change the location of the logfile, click on the “Browse” button on the Tracing tab. You can also change the name of the log file. Then click Save.
(ii) Be aware, that this will turn on tracing for ALL ODBC connections running on this client.
(iii) Tracing could have a serious performance impact on your application, so only enable it if necessary.
(iv) Microsoft support article ID: 942976 notes that 64-bit versions of Windows have two versions of the ODBC Administrator tool:

%systemdrive%\Windows\SysWoW64 folder.   - 32-bit version of Odbcad32.exe
%systemdrive%\windows\System32 folder.   - 64-bit version - also called Odbc32.exe

If running odbcad32 to edit 32-bit DSN’s, then specify the full path to the executable. 32-bit System DSN’s will only appear in the 32-bit version of odbc32.exe and 64-bit System DSN’s will only appear in the 64-bit version  of odbc32.exe.  However, be aware that User DSN’s will appear in both versions. Please refer to the Microsoft support note for more details.  
 

Viewing a successful connection
——————————-
To see a successful connection, we can open our spreadsheet and select the “Refresh All” option on the Data tab.
The ODBC tracing logfile contains a large amount of information. An extract is shown below. (I’ve added comments pre-fixed by “#”, but you obviously won’t see these in the logfile).


e               8fc-dd0 EXIT  SQLAllocConnect  with return code 0 (SQL_SUCCESS)   # successfully connected to the database.

  WCHAR *             0x03B9F460 [      37] "SELECT * FROM "ODBC1"."ODBC_TEST_TAB""  # select statement to run against our table.

e               8fc-dd0 EXIT  SQLDescribeColW  with return code 0 (SQL_SUCCESS) # Description of column data within the table follows
  …
  WCHAR *             0x0013FA20 [       4] "COL1"                # Column name

  SQLULEN *           0x024FEA68 (40)                             # Column length

e               8fc-dd0 EXIT  SQLExecDirectW  with return code 0 (SQL_SUCCESS)  # Successfully executed SQL select statement

e               8fc-dd0 EXIT  SQLFetch  with return code 0 (SQL_SUCCESS) # Successful fetch of data from the first row in our table

e               8fc-dd0 EXIT  SQLFetch  with return code 0 (SQL_SUCCESS) # Successful fetch of data from the second row in our table

e               8fc-dd0 EXIT  SQLFetch  with return code 100 (SQL_NO_DATA_FOUND) # No more data to be fetched from the table - there are only 2 rows.

e               8fc-dd0 EXIT  SQLDisconnect  with return code 0 (SQL_SUCCESS)  #Disconnect from the database
 

Viewing an unsuccessful connection attempt due to an incorrect password
-----------------------------------------------------------------------
Here we refresh our spreadsheet again, but deliberately use an incorrect password:

Excel error messages:

[Oracle][ODBC][Ora]ORA-01017:invalid username/password; logon denied
[Microsoft][ODBC Driver Manager] Driver's SQLSetConnectAttr failed

ODBC Trace file error messages:

  DIAG [28000] [Oracle][ODBC][Ora]ORA-01017: invalid username/password; logon denied
 (1017)
  DIAG [IM006] [Microsoft][ODBC Driver Manager] Driver's SQLSetConnectAttr failed (0)

 

Wrong Database Service name specified
-------------------------------------
We refresh our connection, but put an incorrect entry in the “Service Name” box:

Excel error messages:

[Oracle][ODBC][Ora]ORA-12170: TNS:Connect timeout occurred
[Microsoft][ODBC Driver Manager] Driver's SQLSetConnectAttr failed

ODBC Trace file error messages:

  DIAG [S1000] [Oracle][ODBC][Ora]ORA-12170: TNS:Connect timeout occurred (12170)
  DIAG [IM006] [Microsoft][ODBC Driver Manager] Driver's SQLSetConnectAttr failed (0)

Listener is down
----------------
We shut down the listener and then refresh the spreadsheet. Excel error messages:

[Oracle][ODBC][Ora]ORA-12541: TNS:no listener

ODBC Trace file error messages:

DIAG [S1000] [Oracle][ODBC][Ora]ORA-12541: TNS:no listener (12541)
DIAG [IM006] [Microsoft][ODBC Driver Manager] Driver's SQLSetConnectAttr failed (0)

 

 

Database is down
----------------
Start up the listener and shut down the 11g database. Refresh the Excel spreadsheet:

Excel error messages:

[Oracle][ODBC][Ora]ORA-12514: TNS:listener does not currently know of service requested in connect descriptor

ODBC Trace file error messages:

DIAG [S1000] [Oracle][ODBC][Ora]ORA-12514: TNS:listener does not currently know of service requested in connect descriptor (12514)
DIAG [IM006] [Microsoft][ODBC Driver Manager] Driver's SQLSetConnectAttr failed (0)

Note: You might think, why bother tracing ODBC if you get the error messages in Excel anyway?  That’s fine, but the main purpose of this post is to illustrate that if you are using an application which doesn’t supply detailed messages, you may be able to find out the cause of any issues by turning on ODBC tracing.
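The following Python script is an added example, not part of the original post: it scans an ODBC trace for failed calls and DIAG records and maps the ORA codes to the causes demonstrated in the scenarios above. The sample trace is constructed, and the SQLDriverConnectW failure lines in it are assumed, since the post only shows the DIAG records.

```python
import re
from collections import Counter

# Causes as demonstrated by the four failure scenarios in this post.
ORA_CAUSES = {
    "ORA-01017": "incorrect username or password",
    "ORA-12170": "connect timeout (wrong service name in the post's test)",
    "ORA-12541": "listener is down",
    "ORA-12514": "listener does not know the service (database down in the post's test)",
}

# Constructed sample modelled on the extracts above; the EXIT lines with
# return code -1 are assumed, the post only shows the DIAG records.
SAMPLE_TRACE = """\
e  8fc-dd0 EXIT  SQLDriverConnectW  with return code -1 (SQL_ERROR)
  DIAG [28000] [Oracle][ODBC][Ora]ORA-01017: invalid username/password; logon denied
 (1017)
  DIAG [IM006] [Microsoft][ODBC Driver Manager] Driver's SQLSetConnectAttr failed (0)
e  8fc-dd0 EXIT  SQLDriverConnectW  with return code -1 (SQL_ERROR)
  DIAG [28000] [Oracle][ODBC][Ora]ORA-01017: invalid username/password; logon denied
e  8fc-dd0 EXIT  SQLDriverConnectW  with return code -1 (SQL_ERROR)
  DIAG [S1000] [Oracle][ODBC][Ora]ORA-12541: TNS:no listener (12541)
e  8fc-dd0 EXIT  SQLFetch  with return code 100 (SQL_NO_DATA_FOUND)
"""

EXIT_RE = re.compile(r"EXIT\s+(\w+)\s+with return code (-?\d+) \((\w+)\)")
DIAG_RE = re.compile(r"^\s*DIAG \[(\w{5})\]\s*(.*)$")
ORA_RE = re.compile(r"ORA-\d{5}")

def failed_calls(trace):
    """(function, return code, name) for every ODBC call that returned < 0."""
    return [(m.group(1), int(m.group(2)), m.group(3))
            for m in EXIT_RE.finditer(trace) if int(m.group(2)) < 0]

def diagnostics(trace):
    """One dict per DIAG record: SQLSTATE, ORA code (or None), likely cause."""
    records = []
    for line in trace.splitlines():
        m = DIAG_RE.match(line)
        if m:  # continuation lines such as " (1017)" do not match and are skipped
            ora = ORA_RE.search(m.group(2))
            code = ora.group(0) if ora else None
            records.append({"sqlstate": m.group(1), "ora": code,
                            "cause": ORA_CAUSES.get(code, "see message text")})
    return records

def summarize(trace):
    """Count DIAG records per ORA code, e.g. repeated ORA-01017 logon failures."""
    return Counter(d["ora"] for d in diagnostics(trace) if d["ora"])
```

Calling summarize() on a real trace file's contents gives a per-error count, so a run of ORA-01017 records from one client stands out without reading the whole log.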
 

 

Turning off ODBC Tracing
------------------------
To stop tracing, you can then just open up the ODBC Data Source Administrator as before - go to the “Tracing” tab and click on the “Stop Tracing Now” button - Apply - OK. 
Note: Don’t leave tracing turned on permanently, otherwise it could fill up the local drive on the client. ODBC tracing can generate a lot of information. Remember to delete or archive old trace files.

Other references:
http://support.microsoft.com/kb/268591/EN-US

Categories: APPS Blogs

How big is my oracle database?

OracleContractors - Thu, 2011-07-28 14:50

People ask this question a lot on the internet and most of the answers just seem to focus on a query of dba_data_files, similar to that shown below:

Datafiles
select sum(bytes)/1048576 "DATAFILES_SIZE_MB" from dba_data_files;

That’s fine to start with, but you should also include tempfiles, which are used when an operation such as a large sort is too big to fit into the relevant memory allocated to the session.

Tempfiles
select sum(bytes)/1048576 "TEMPFILES_SIZE_MB" from dba_temp_files;
 

Your redo logs can also use up a large amount of disk space - especially if your database has more than the minimum number of 2 redo log groups. (You may also have several members within each group).
 

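Redologs
select sum(bytes*members)/1048576 "REDOLOGS_SIZE_MB" from v$log;  -- v$log.bytes is the size of one member, so multiply by the number of members in each group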

The database obviously needs controlfiles to record information such as which datafiles belong to the database.  If your CONTROL_FILE_RECORD_KEEP_TIME is set to a large value, then your controlfiles can become quite large.

Controlfiles
select round(sum(block_size*file_size_blks)/1048576,2) "CONTROLFILESIZE_MB" from v$controlfile;

From 10g onwards, flashback database is not enabled by default, but if it is enabled, then the flash recovery area can grow rapidly over time.

Flash Recovery Area
select * from v$recovery_file_dest; 
select * from v$flash_recovery_area_usage;  

These views will show sizing details and free space available. 

Note: If your backups are held outside of the flash recovery area, then you’ll also need to allow space for these. This will depend on your backup strategy and backup retention policy. (Export/datapump export dumpfiles also need to be planned for).

If you are using RMAN incremental backups and have block change tracking enabled, then include this file:

Block change tracking file
select filename, nvl(bytes/1048576,0) "BLOCK_CT_SIZE_MB" from v$block_change_tracking;
 

Files referenced by database directories or the utl_file_dir parameter
Your application may read from, or write to external files via database directories or the utl_file_dir parameter.

Other examples of using external directories are for

(a) External tables -

select a.owner||'.'||a.table_name||' stored in directory '||b.directory_path "EXTERNAL_TABLES"
from
dba_external_locations a, dba_directories b
where a.directory_owner=b.owner
and a.directory_name=b.directory_name;

(b) If you are storing multiple versions of the same tablespace within a file group repository. (i.e. tablespace versioning).

select a.tablespace_name, a.version, a.file_group_owner, a.file_group_name,
b.file_name, b.file_directory
from dba_file_group_tablespaces a, dba_file_group_files b
where a.file_group_owner=b.file_group_owner
and a.file_group_name=b.file_group_name;
 

Miscellaneous files
There are a large number of files which you could also include in your sizing if you wanted to, though most of these are really external to the database.
Examples include:

(a) The spfile/pfile and any ifile referenced files.
(b) Any external scheduler jobs (i.e. program_type='EXECUTABLE' and program_action which points to a shell script).
(c) Configuration files such as Oracle wallet files and database gateway/hs services files.
(d) Oracle networking files. (e.g. tnsnames.ora, sqlnet.ora, listener.ora)
(e) Password file.
(f) Any application code that needs to be deployed to the database server.
(g) Any database management or monitoring scripts that need to be on the server. 
(h) Files referenced by the audit_file_dest parameter, if audit_trail is set to use the “OS” or “XML” options.
(i) Archived redo logs and standby redo logs. Be aware of space usage related to the workload of your database and whether or not you have multiple destinations defined.
(j) Any software that needs to be deployed to the server. (e.g. The oracle software itself takes up several gigabytes of space).

If you wanted to be very precise, you could remove unused space from the calculations above, but I haven’t done that here, in order to keep things more straightforward. In real life you would probably be better leaving the extra space available to allow for future growth of the database - which you should also plan into your size calculations.

As you can see, calculating size requirements for an Oracle database is not always as simple as you would think.  I’ve tried to include all elements in this post, though in reality a lot of them won’t apply to most databases. Please feel free to share any other items not on the list, that you feel should be included.


EBS Technology Stack Blog in transition

Steven Chan - Wed, 2011-03-16 10:17
I started this blog in 2006 as a personal experiment. Since then, this blog has morphed into a combination of a breaking news source and a wide-ranging reference library. Over the years, I've deliberately established an editorial policy of ensuring that we break EBS techstack news to you in real-time, free of hype and unvarnished by marketing considerations. It now includes contributions from almost thirty guest authors. We've collectively published about 800 articles, fielded over 5,200 comments, and handled countless emails from readers. We get millions of pageviews per year, and there are over a million incoming links to our published articles.

This blog's success has been an object lesson in how a small, personal experiment can take on a life of its own. I still manage this blog in my free time, mostly, but it now lives in an odd grey area somewhere between my official job responsibilities and a personal project.

Things are about to change

I fully understand the importance of this site to you. Unfortunately, there are major changes underway that will dramatically affect this blog. I am working with our executive management team to investigate options for preserving both our ability to get breaking news to you as well as preserving the reference library functions that you've come to rely upon.

In the meantime, I'm saddened to report that this blog is on hiatus. We won't be publishing new articles or announcements. Comments have been frozen. This is temporary, but I don't have a date yet when we'll get back into our normal swing of things. Stay tuned. I'll post more updates here as soon as possible.

Regards,
Steven Chan
Chief Editor

Steven Chan http://blogs.oracle.com/stevenChan/about.html