Oracle-L: Re:RE: RE: EXTPROC

From: <dgoulet_at_vicr.com>
Date: Tue, 20 Aug 2002 14:43:36 -0800
Message-ID: <F001.004BA8BE.20020820144336@fatcity.com>

Ian,

Interesting note on library priviledged if you have not noticed. With all objects you can grant the create or create any privileges, but with libraries it's create any only. Kinda dumb I think. One other thing, if your going to use extproc's and for one reason or other can't set the extproc_listener up in a non-priviledged account make sure that protocol does not equal TCP. At least with IPC the connection has to come from inside the server.

Dick Goulet

____________________Reply Separator____________________
Author: "MacGregor; Ian A." <ian_at_SLAC.Stanford.EDU>
Date:       8/20/2002 2:13 PM

A few additions. The extproc_listener should be initiated by a non-privileged account; for instance, the nobody account in UNIX.

If you are using Intermedia, then be sure that you have LD_LIBRARY_PATH set to include the proper library directory, or you won't be able to the inso_filter. I have heard that later
versions of Intermedia do not require external procedures, but I cannot vouch for that nor do I know when the change may have taken place.

Do not give create library privileges to anyone.

Ian macGregor
Stanford Linear Accelerator Center
ian_at_SLAC.Stanford.edu

-----Original Message-----
Sent: Tuesday, August 20, 2002 8:53 AM
To: Multiple recipients of list ORACLE-L

John & Dennis,

First off I do use this feature & have the DB's isolated from the Internet. Also, NEVER set up an extproc listener with "protocol=tcp". It may be unsupported, but I did manage to get one working that way. OH, talk about dangerous!!

Next the extproc process does use TNSNAMES. You have to have "extproc_connection_data" in your tnsnames.ora file on the server. Having it on the client is totally useless. The only allowed permutation to that name is having your domain attached, as in "extproc_connection_data.vicr.com" if "NAMES.DEFAULT_DOMAIN = vicr.com" in sqlnet.ora. At this point the key in tnsnames.ora must match the key in the sid_list section of listener.ora and the sid in sid_list_listener must match the connection_data.sid in tnsnames. Otherwise it does not work. Also on a Unix host you'll need appriopriate priviledges on the shared library file. Using a symbolic link is neat, until the duhveloper who created the shared library decides to change the permissions.

Dick Goulet

____________________Reply Separator____________________
Author: DENNIS WILLIAMS <DWILLIAMS_at_LIFETOUCH.COM>
Date:       8/20/2002 7:18 AM

John - If you decide to use this feature, be sure to read the security vulnerabilities carefully.
http://www.ciac.org/ciac/bulletins/m-047.shtml

Dennis Williams
DBA
Lifetouch, Inc.
dwilliams_at_lifetouch.com

-----Original Message-----
Sent: Tuesday, August 20, 2002 9:43 AM
To: Multiple recipients of list ORACLE-L

Hi all,

Does anybody know how Oracle determines what extproc to use when making an external call through a listener? I've got one working, which is great, but nowhere in the listener or tnsnames is there any kind of binding to a particular sid, other than to a HOME, and the library def and c code don't seem to be making use of tnsnames in the traditional since, in that I can change the identifier to anything and it just keeps running. If I have multiple HOMES and differing releases, how can I be sure that a call is picking the right listener.

I'm really hoping I'm missing something obvious, but I haven't worked these things before and am not seeing it in the M or the code I have access too.

TIA, John P Weatherman
Database Administrator
Replacements Ltd.
--

Please see the official ORACLE-L FAQ: http://www.orafaq.com
--

Author: John Weatherman
INET: john.weatherman_at_replacements.com

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------

To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
--

Please see the official ORACLE-L FAQ: http://www.orafaq.com
--

Author: DENNIS WILLIAMS
INET: DWILLIAMS_at_LIFETOUCH.COM

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------

--

Please see the official ORACLE-L FAQ: http://www.orafaq.com
--

Author:
INET: dgoulet_at_vicr.com

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------