Home » RDBMS Server » Security » security issues..? (Oracle 10g 10.2.0.1.0)
icon5.gif  security issues..? [message #382072] Tue, 20 January 2009 20:04 Go to next message
tax_man
Messages: 6
Registered: March 2002
Junior Member
Hi
I have recently deployed a 3-tier proprietary application that:

- has a thick-client installed on a Windows Vista client machine
- Oracle 10g Enterprise edition version 10.2.0.1.0 installed on the server running Red Hat enterprise Linux

I have complete access to the server and can log in as sysdba. However this Linux installation only has SSH terminal access ie no GUI available.

Problem: I want to use a graphical tool like Oracle Ent. Manager to look 'inside' the DB.

Attempts so far:
Looking around inside the installation on vista client machine I found a folder:
"<xxx>\3rdParty\Oracle10g" which contained files:
- tnsnames.ora
- sqlnet.ora
- sqlplus.exe
When I ran this sqlplus.exe on a CMD prompt it said:
>Error 6 Initialising Sql*Plus
>Message file sp1<lang>.msb not found
>SP2-You may need to set ORACLE_HOME to yourr oracle software directory

So I decided to install Oracle 10g Client (10.2.0.1.0) on the Vista client machine, and also did:
set ORACLE_HOME=C:\oracle\product\10.2.0\client_1

Now I ran the sqlplus.exe again and it came up with a login prompt. Problem is I dont have a login/password; what I plan to do is to create a user by logging in as sysdba on the server, and grant all access to him, and then log into Oracle Ent Manager as this user from the windows machine.

However, here is another problem: if I do 'tnsping <my_db_name>' it says:
TNS-12541: TNS:no listener

I suspect this is because of some security setting in this application OOTB.
The entry in tnsnames.ora setting is correct, as it was done by the client install program (not manually). It contains: PROTOCOL=TCPS, and PORT=2484.

There is also a 'wallet' folder on the client machine under 'Oracle10g' folder.

Finally the sqlnet.ora on client machine contains:
----------------------------------------------------------
SQLNET.AUTHENTICATION_SERVICES= (NTS)
SSL_VERSION=0
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
SSL_SERVER_DN_MATCH = FALSE
SSL_CLIENT_AUTHENTICATION = TRUE
WALLET_LOCATION=
(SOURCE=
(METHOD=FILE)
(METHOD_DATA =
(DIRECTORY= C:\<xxxxxxxxxx>\Oracle10g\wallet)
)
)
SSL_CIPHER_SUITES=(SSL_RSA_EXPORT_WITH_RC4_40MD5)
----------------------------------------------------------
All I would like to do is to be able to connect to the oracle server with tools I am familiar with (like OEM, TOAD etc.).

This stuff is quite outside of my understanding, so if you can provide any insight it'll be much appreciated.

Thanks
Re: security issues..? [message #382073 is a reply to message #382072] Tue, 20 January 2009 20:22 Go to previous messageGo to next message
BlackSwan
Messages: 25050
Registered: January 2009
Location: SoCal
Senior Member
You need to help us by following the Posting Guidelines as stated below.
http://www.orafaq.com/forum/t/88153/0/
So we can help you & please be consistent & correct in your postings.

It can be very confusing for us readers when you use relative terms, such as client & server, or when using indefinite pronouns (it, other, etc).
Avoid this confusion, by using direct names.

On Vista (client) you need to run X-Windows software (like Exceed).
From Vista you need to invoke terminal emulator software , like putty, with X-11 Forwarding enabled.
You will need a Unix login, preferably oracle, or which ever user owns the Oracle s/w on the DB server system (Linux).
If & only if you can invoke xclock from Linux & have it open an
X-windows frame on Vista, will OEM have a chance to succeed.

HTH & YMMV!

[Updated on: Tue, 20 January 2009 20:26]

Report message to a moderator

Re: security issues..? [message #382074 is a reply to message #382073] Tue, 20 January 2009 21:07 Go to previous messageGo to next message
tax_man
Messages: 6
Registered: March 2002
Junior Member
Hi
Thanks for your tips, I will follow it in my next post.

I guess my post was not clear enough and so your reply is going down a totally diff path to what I intend.

I cannot install x-windows or anything else on the linux system. I want to run OEM on the client vista machine, and point it to the Oracle instance running on the linux machine. If my vista machine cant even tnsping the oracle server on the linux machine, I assume OEM cannot connect.

I can access the linux box via a monitor & keyboard that is plugged directly into it - I get a command-line interface, with no GUI.
I hope the above clarifies my original post. Please feel free to reply with any comments....
Re: security issues..? [message #382075 is a reply to message #382072] Tue, 20 January 2009 21:17 Go to previous messageGo to next message
BlackSwan
Messages: 25050
Registered: January 2009
Location: SoCal
Senior Member
>However this Linux installation only has SSH terminal access
>I can access the linux box via a monitor & keyboard that is plugged directly into it

I wonder which of the 2 lines above more accurately reflects reality.

The 1st LAW of holes is as follows:
When you find yourself in hole, the 1st thing to do is STOP digging.

Therefore, I'll avoid future frustrations by withdrawing from this thread.



[Updated on: Tue, 20 January 2009 22:04]

Report message to a moderator

Re: security issues..? [message #382369 is a reply to message #382075] Thu, 22 January 2009 00:59 Go to previous message
tax_man
Messages: 6
Registered: March 2002
Junior Member
I managed to get a workaround to the problem - on both client and server I changed 'TCPS' to 'TCP' in the various config files. Now from the vista machine I can:
- tnsping the oracle svr on linux
- use sqlplus and
- also start up OEM on the vista machine and log in successfully.

Out of interest I am still trying to find a way in which I can do all the above whilst using TCPS, not just TCP.

Thanks anyway...
Previous Topic: How grant user update on spesific column
Next Topic: Need to make read only schema
Goto Forum:
  


Current Time: Fri Dec 09 17:30:08 CST 2016

Total time taken to generate the page: 0.52336 seconds